SafeNet KeySecure Platform - אינפוגארד · Authentication & Authorization Multi-factor...


Post on 13-Jun-2020


Page 1: SafeNet KeySecure Platform - אינפוגארד · Authentication & Authorization Multi-factor system-to-system authentication and access control Certificate based mutual authentication

SafeNet KeySecure Platform

Enterprise Key Management, Encryption and Tokenization

[Diagram labels: SafeNet KeySecure Management and Encryption Platform]

•Application Connector
•Tokenization Service
•Database Connector
•File & Directory Connector
•Virtual Image & Volume (AWS / VMware)
•3rd Party Key Management (Tape / Disk / KMIP)
•Storage (NAS & SAN)
•Batch File (Positional / Delimited)

ProtectToken, ProtectV, ProtectAPP, ProtectDB, ProtectFile, ProtectBatch

The world’s most comprehensive portfolio of solutions for encrypting data at rest and key management in physical, cloud, or virtual datacenters.

Page 2

SafeNet ProtectDB

SafeNet Tokenization

SafeNet ProtectFile

Storage Partners

SafeNet ProtectV

Ecosystems

•IBM DB2

•Oracle

•Microsoft SQL Server

•IBM

•SAP

•BEA

•Apache

•Sun

•Oracle

•Java

•Jboss

•Cassandra

•IBM DB2

•Oracle

•Microsoft SQL Server

•Linux

•Samba

•Windows Server

•Novell

•Apache Hadoop

•Cassandra

•mongoDB

•Microsoft SharePoint

•Amazon EC2 & S3

•Chef

•Docker

•Hitachi

•NetApp

•HP

•IBM

•Quantum

•Nutanix

•Dell

•Others…

•Amazon Web Services

•Microsoft Azure

•VMware

•IBM SoftLayer

•Multiple programming languages

•SOAP and REST interfaces

•OPEN XML interface

•KMIP interface

•Tape Libraries

•Storage

•Cloud gateways

•Databases

•Applications

SafeNet KeySecure Platform

Distributed Key Management

Apps | GW | Tape | Disk | KMIP | TDE

Virtual Machines

Network Attached Storage

File Servers & Shares

Application Servers

Databases

Web & Application Servers

•Key and crypto engine

•Authentication and authorization

•Key lifecycle management

•SNMP, NTP, SYSLOG

SafeNet

ProtectApp

•IBM

•BEA

•Sun

•Apache

•Oracle

•Java

•Jboss

SafeNet KeySecure & Encryption Connector Integration Portfolio Support Detail

Gemalto offers the world’s most certified and widely deployed portfolio of crypto management solutions for securing and managing encryption keys and also executing cryptographic functions.

KMIP Enabled

Page 3

How Information flows ...

[Diagram labels: Deployment Effort; Security; Source (Inception); Destination; Structured Data; Unstructured Data]

Application/Web
+ Bespoke
+ 3rd Party

Databases
+ OLTP
+ DW + reporting
+ Batch processing
+ XML

Storage
+ Full Disk encryption (FDE)
+ backup encryption

File/Directories
+ File Servers (shared storage)
+ Client machines (laptop)
+ prop/log file, App/DB files, xml, word, excel, pdf…

Page 4

SafeNet KeySecure Platform Components

Key Management Appliance

Secure operating system – hardened CentOS

Scalable / Built-in clustering / hardware redundancy

Selection of models – Physical and Virtual (FIPS Level 3)

Administration and key policy / access through GUI

Centralized key management

Centralized Auditing and Logging

Connectors

Software components that communicate with the KeySecure Appliance

Provides a point of integration into an end point via ProtectAPP, ProtectDB, ProtectFile, ProtectToken, ProtectV and StorageSecure & 3rd party key management - KMIP

Provides load balancing, health checking, connection pooling

Secure SSL connection to SafeNet Appliance

Page 5

SafeNet KeySecure Provides Centralized Key Management & Crypto Engine Appliance

Centralized Key Management

Centrally manages symmetric, asymmetric keys and certificates

Generate, Export, Import, Destroy, Backup/Restore etc.

Support KMIP Standard

Built-in key rotation – versioned keys - Automation

Crypto Offload Engine

Encryption & Decryption Services

Configurable for offload or local crypto

Authentication & Authorization

Multi-factor system-to-system authentication and access control

Certificate based mutual authentication

Embedded username or IP within client certificate

Support for LDAP/AD user authentication

Granular, key-based cryptographic policy

Time limit policies

Rate limit policies

Dual Administrative Control

Multiple credentials for sensitive operation

Page 6

SafeNet Platform Benefits

Security

•Hardware-based, centralized key and policy management

•FIPS/CC certified solution

•Authentication and authorization

Performance

•High performance encryption offload, over 100K TPS

•Batch processing for massive amounts of data

•Efficient backup/restore capabilities, local encryption option

Flexibility

•Support for heterogeneous environments (app, db, file)

•Support for open standards and APIs

•Range of enterprise deployment models

Manageability

•Intuitive, easy-to-use administration

•Separation of duties

•Centralized policy management

Availability

•Enterprise clustering and replication

•Load balancing, health checking, and failover

•Geographically distributed redundancy

Page 7

Security: Built-in Granular Key Control

Centralized key and policy Enforcement

Security administrators control data protection policy

Keys created and stored in a single location

Dual Administrative Control (M of N approvals)

Separation of Duties

Logging, Auditing and Alerts

FIPS & Common Criteria Certified Solution

FIPS 140-2 Level 2 & CC EAL2 Certified Hardware and Software

Keys stored separately from sensitive data

AES, 3DES, RSA and others – Standard Algorithms and Modes!!

Built-in Certificate Authority

Authentication & Authorization

Multi-factor system-to-system authentication and access control

Granular, key-based, cryptographic policy

Support for LDAP

Page 8

Performance: Built-in High Performance

Encryption Offload

Optimized, high-performance hardware

Frees up database and application servers

Latency less than 200 microseconds per request

More than 100K TPS per appliance

Local Encryption Option (works when key manager is on or off)

Configurable for hardware offload or local encryption on client servers

Batch Processing

Perform batch encrypts/decrypts for high performance

10K of thousands of operations a second

Batch tools include:

Transform Utility

ICAPI

Easy integration into existing applications

Page 9

Flexibility: Built-in to be a Service

Heterogeneous Integration Environments

Web, Application, Database, Mainframe or File Server and disks

Encryption and Format Preserving Tokenization (FPT)

Data Center or Distributed Environments

Open Standards-based APIs, cryptographic protocols

Key Management for 3rd party applications

Scalability

You can start small and roll across as you grow. Become key management standard, rollout across the enterprise.

Models with capacity from 2,500 TPS to 100,000 TPS

Clustering further increases capacity and redundancy

Licensing structure enables cost-effective build-out

Page 10

Manageability: Built-in GUI for Administration

Intuitive Administration and Automation

Graphical and command line interfaces

Point-and-click policy management

Encryption rights management

Key management

Network and system management

Simple configuration, analogous to a switch or router

Separation of Duties

Security administrators administrate security

Maximize productivity, minimize liability

Keys, policies separate from data

Extensible Management Platform

Cohesive, consistent elements across the enterprise

Common management protocols, processes

Standard implementation, integration methodology

Page 11

Availability: Built-in Availability & Redundancy

[Diagram labels: DataCenter A, DataCenter B, KeySecure Cluster]

Clustering

Active-Active clustering deployment

Keys and policies are shared and automatically replicated among KeySecures in a global cluster

Load Balancing

Connectors can load balance across a group of appliances

Multi-tier load balancing enables transparent fail over to alternate datacenters

Page 12

KeySecure: Enterprise Key Management

Centrally Manage Keys for partner solutions