Thales eSecurity: Continuing a 40-Year History of Helping Businesses Build Trust Through Advanced Data Security and HSM Management Solutions

TL; DR: In today’s landscape of expanding digital threats, ever-evolving IoT environments, and cloud-based storage infrastructure, businesses need all the tools they can get to safeguard their data and their reputations. Luckily, Thales eSecurity delivers an array of data protection solutions, including encryption, tokenization, and HSM management, among many others. We recently sat down with Senior Director of Product Marketing Charles Goldberg, who told us how Thales is committed to helping businesses secure their infrastructure — whether it’s on-premise or in the cloud — so they can operate with confidence and efficiency.

Digital attacks are at an all-time high around the world. A recent study from data security leader Thales eSecurity showed that 71% of enterprises throughout Europe have been breached, with 32% compromised within the last year. Every country is at risk, but none seem to be under greater threat than the UK. Despite a staggering increase in penetrations, IT security spending among UK businesses remains low while a false sense of safety is extremely high.

Thales’ study noted that attacks on British businesses rose 24% between April 2017 and April 2018. And several high-profile European attacks put at risk the data and reputations of a number of large organizations, including Accenture, T-Mobile, and Equifax. Attacks with cryptoworm ransomware WannaCry and the wider-reaching malware Bad Rabbit crippled thousands of systems, resulting in a whopping 37% of UK businesses being breached in the 12-month period.

“A tidal wave of data breaches is continuing to roll across Europe, with 3 in every 4 organizations now a victim of cybercrime,” Thales eSecurity’s Chief Strategy Officer Peter Galvin said in a press release. “As a result, people are feeling more vulnerable than ever before, worried about where the next threat will come from, and in what form.”

And that’s where Thales steps in.

“Thales eSecurity is a leading, pure-play, data security company with the broadest portfolio of data security products for Public Key Infrastructure (PKI), data encryption, and key management for every industry,” said Charles Goldberg, Thales eSecurity’s Senior Director of Product Marketing. “We remove the complexity of key management from operating encryption, tokenization, and masking solutions by centralizing control with our Vormetric Data Security Platform.”

Part of Thales Group, Thales eSecurity provides hardware security modules (HSMs), network encryption hardware, a data security platform, and cloud key manager. The aim, Charles told us, is to deliver security and trust in data wherever data is created, shared, or stored without impacting business agility.

“Our hardware security modules are at the heart of payment systems, IoT security, and delivering secure cloud systems with a key vault,” Charles said. “Our extensive set of partnerships are unique in the industry, and these partnerships help us innovate early to continuously meet new data security challenges.”

Early partnerships with hosting providers, including Rackspace and public cloud providers Azure and AWS, have kept Thales eSecurity in the leadership position to provide cloud data security solutions for both the enterprise customers migrating to cloud services and for cloud providers to offer encryption products.

“Our partnership with companies like Docker and RedHat enabled us to deliver container security solutions several years ago,” Charles said. “We were filling RSA seminar seats on this topic over three years ago.”

Thales’ cloud solutions provide data protection and key management for security, control, and compliance in multi-cloud environments. The company offers extensive solutions for the cloud from Bring Your Own Encryption (BYOE) to Bring Your Own Key (BYOK) and Hold Your Own Key (HYOK). Thales also partners with more than 25 leading cloud providers of managed services and hosting to offer Vormetric Transparent Encryption as a service for advanced encryption and key management solutions.

“The public cloud sector is growing like a wildfire,” Charles said. “For Amazon Web Services, Microsoft Azure, and Google Cloud Platform, you can bring your own advanced encryption, access controls, and logging to ensure better data protection than native cloud encryption solutions provide.”

Charles told us that, with centralized key management of advanced encryption, data mobility between clouds is greatly simplified. If public cloud encryption suffices or is the only option, such as for SaaS solutions and certain PaaS solutions, Thales supports Bring Your Own Key offerings as well as Key Management as a Service, including those for Salesforce.com.

“It’s hard to choose just one product that we think is most valuable for businesses, especially with the level of innovation and execution over the past few years,” Charles said. “But what I’m most impressed with is our Vormetric Transparent Encryption product. It is the product that Vormetric was founded on over 15 years ago, and it essentially delivers the same functionality, but continues to evolve to meet modern scale requirements and support new platforms such as virtualization, cloud, big data, and containers.”

Charles told us that functionality includes File-level Encryption for files and databases, Privileged User Access Control, and Security Intelligence Logs. Vormetric Transparent Encryption can rekey encrypted data while the files are still in use — which means no planned downtime.

“We recently went a step further in enabling our Cloud Partners the ability to deliver their own Bring Your Own Key (BYOK) services to their end customers,” Charles said, “by offering an API that supports customer-supplied keys for our encryption and database TDE key management products.”

Charles told us that Thales Group bought a company in 2000 called Racal, which included a division that built payment HSMs, which ultimately became Thales eSecurity. Fast forward a few years, and Thales became the leading provider of payment HSMs. Thales then rounded out its portfolio by acquiring a general-purpose hardware security module company, nCipher, and, in 2016, acquired a software company, Vormetric — a Silicon Valley-based leader in data encryption.

“Thales eSecurity has had a good balance of building its security leadership through both measured acquisition and organic development,” Charles said. “Our aggressive product development has given us the ability to keep up with technology, compliance, and threat changes that our customers need to contend with every day. It is for that reason that many of customers have been with us for decades. We are focused on protecting their investment in our products, simplifying the complexities of cryptography, and constantly strive to improve operational efficiencies for protecting data.”

“Whenever you deploy encryption, you always deploy key management — the Yin and the Yang — you don’t have one without the other,” he said. “The key management is critical for an enterprise-class data security solution.”

Charles told us that the key management solution comes in different forms depending on the certification of the compliance level a customer requires: FIPS 140-2 is a NIST standard on the assurance of a key management solution. FIPS 140-2 Level 1 can be software, but Level 2 and above needs to be a hardware solution that can inform administrators and protect the keys if someone’s trying to tamper with the hardware.

“There’s more to it, but that’s a big difference between software and hardware,” he said. “You can tell if someone tampers with the hardware.”

Charles noted that, with FIPS 140-2 Level 3, you need to have your keys generated and protected with a hardware security module. For example, the Key Management for the Vormetric Data Security Platform is accomplished with the Vormetric Data Security Manager (DSM). The DSM is available in different form factors to meet different FIPS compliance levels. However, the Level 3 product includes an embedded HSM.

Thales eSecurity has shown a commitment to innovation and adapting to market demands. Over the past few years, the company has expanded its tokenization, data masking, orchestration, and IoT support. Charles told us the team is aggressively expanding Thales’ cloud support and recently announced new capabilities to further streamline BYOK key management by adding Azure national cloud support and automating key rotation in its CipherTrust Cloud Key Management solution. This solution is available as a service or can be deployed as a private service.

“It is challenging to keep our field up to date and well-trained, as well as informing our customers of all the new capabilities and product line expansions,” Charles said. “I can’t tell you how many times I’m talking to a customer and they say, ‘Oh, it’d be great if you guys would offer tokenization’ or ‘it’d be great if you gave us the tools so we could mask specific field in an existing database.’ And I say, ‘Yeah, we do have that. We’ve been doing that for years.’”

“We have a very rich set of solutions,” Charles said. “No one comes close to Thales’ offering, and it’s a huge advantage to have one vendor that could offer such a complete data security feature set. It reduces the number of vendors to work with, there is one support number and no finger pointing to worry about, and with Thales, you have a long proven record of keeping up with the changing market opportunities so your business can stay agile and secure.”