Protecting Data at the Application Level
At the core of the Vormetric Application Crypto Suite from Thales is a set of products that streamline development efforts to add encryption, tokenization, masking and other cryptographic functions to applications. The job of the developer is made easy and fast by leveraging sample code and APIs that are best for their environment, while key management functions are kept separate and secure in a FIPS 140-2 hardware or virtual appliance that is operated by IT or SecOps. Securing data at the application, with separation of duties for key management, provides the highest levels of protection and compliance.
The Vormetric Application Crypto Suite also includes applications and utilities that leverage the core components to add security layers to databases and other structured data stores.
Benefits
Reduce Risk and Deliver Compliance
Application layer data protection ensures that sensitive data is unidentifiable before it leaves the application server. This removes most risk vectors because the sensitive data is encrypted, masked or tokenized in motion and at rest in databases or data lakes.
A data breach would only leak worthless cryptographic text. This level of protection is a best practice to comply with data privacy and security regulations.
Efficient, secure application development
RESTful APIs and standards-based libraries provide access to data protection services from the widest range of operating environments with the simplest application integration, streamlining development and reducing the need for developer cryptographic expertise.
Centralized, FIPS 140-2 Key Management
Vormetric Application Crypto Suite services are part of the Vormetric Data Security Platform, at the center of which is the Vormetric Data Security Manager, offering up to FIPS 140-2 Level 3 key security with centralized key and data protection policy management that both enhances separations of duties for higher security and reduces total cost of ownership for data protection.
The Suite
The Vormetric Application Crypto Suite includes the following products:
- Vormetric Tokenization with Dynamic Data Masking enables more servers to be removed from PCI-DSS scope and helps protect personally-identifiable information (PII) for compliance with data protection mandates such as GDPR and the California Consumer Privacy Act
- The Vormetric Tokenization Server also provides comprehensive cryptographic and key management services via RESTful APIs for Vormetric Application Encryption
- It is also possible to utilize Vormetric Application Encryption using PKCS#11-based server-resident crypto and key management libraries, with the possibility of server-cached keys for the highest encryption performance. Read about it in the white paper
- Vormetric Batch Data Transformation is a static data masking solution that leverages both Vormetric Tokenization and Vormetric Application Encryption. Static data masking has so many use cases that you need to read the solution brief
- Vormetric Protection for Teradata Database complements Teradata with user-defined functions (UDFs) that enable data encryption with column-level key granularity