How a provider of data-centric security to the world’s leading companies secures its Data Security Manager with Thales HSMs.The challenge:
As a leading provider of data-centric security architecture to 1,500 global customers – including 17 of the Fortune 30 – Vormetric offers a data security platform with capabilities for transparent file-level encryption, application-layer encryption, tokenization, cloud encryption gateway services, integrated key management, and security intelligence logging. The platform is anchored by the Vormetric Data Security Manager (DSM), providing centralized policy control for encryption, privileged user access control and security intelligence across an organization.
With the inherent risk of ever-greater volumes of data moving to the cloud as well as increased data accessibility resulting from big data environments, Vormetric wanted to provide their customers with high levels of trust and auditability for operations controlled by the DSM. Customers in finance, banking and other highly regulated and security conscious industries are particularly concerned about preventing data breaches, knowing that it is next to impossible to plug every potential hole in traditional perimeter defenses. To help satisfy customer concerns and enhance the trust of the overall platform, Vormetric provides the option of an embedded hardware security module (HSM) for added protection. Vormetric needed an HSM that was not only FIPS 140-2 Level 3 compliant but also that could integrate easily with the DSM and provide customers with an extensible architecture to support deployments across data centers and cloud environments.
The solution: Vormetric Data Security Manager with Thales HSMs
Vormetric has long offered the option for customers to choose a higher level of security with a management console that is FIPS 140-2 Level 2 or Level 3 certified. A critical component of meeting this standard is the incorporation of a HSM within the Vormetric DSM. When updating their DSM to support evolving security needs, Vormetric chose nShield HSMs from Thales and now optionally ships DSMs with embedded nShield Solo PCIe cards to meet these needs. Vormetric has also integrated Thales HSM management into the DSM administration console to help simplify overall solution management.
Thales HSMs not only offered the enhanced security and ease of integration that Vormetric required, but also better support for customers with deployments that are distributed to multiple data centers, thanks to the unique Thales Security World architecture. Thales Security World provides a key management framework that enabled Vormetric to implement a superior approach to HSM initialization and administration. Vormetric customers can conveniently deploy a single Security World across all DSM appliances in a cluster and across multiple locations, increasing their security posture without introducing the cost and inconvenience of alternative solutions.