INFORMATION TECHNOLOGY SECURITY: PORTFOLIO OVERVIEW



Similar documents
Efficient Key Management for Oracle Database 11g Release 2 Using Hardware Security Modules

Understanding the Role of Hardware Data Encryption in EMV and P2PE from the CEO s Perspective

Building Trust in a Digital World. Brian Phelps, BSc CISSP Director of Advanced Solutions Group EMEA Thales UK, Ltd.

Data Protection and Mobile Payments. Jose Diaz - Business Development & Technical Alliances Ted Heiman Key Account Manager Thales e-security

RSA Solution Brief RSA. Encryption and Key Management Suite. RSA Solution Brief

MPOS: RISK AND SECURITY

SafeNet Securing Microsoft Solutions

SAFEAPP TECHNOLOGY PROGRAM

Card Management System Integration Made Easy: Tools for Enrollment and Management of Certificates. September 2006

HSM: A Must Have. Applications are everywhere SafeNet Inc. All rights reserved.

Alliance Key Manager Solution Brief

STRONGER AUTHENTICATION for CA SiteMinder

<Insert Picture Here> Oracle Security Developer Tools (OSDT) August 2008

AEP Systems. Federal PKI Technical Working Group June 2003

ENCRYPTION KEY MANAGEMENT SIMPLIFIED A BEGINNER S GUIDE TO ENCRYPTION KEY MANAGEMENT

Mobile OTPK Technology for Online Digital Signatures. Dec 15, 2015

Entrust Managed Services PKI. Getting an end-user Entrust certificate using Entrust Authority Administration Services. Document issue: 2.

What s New in PCI DSS Cisco and/or its affiliates. All rights reserved. Cisco Systems, Inc 1

RSA SecurID Two-factor Authentication

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

NCR Secure Pay FAQ Updated June 12, 2014

Understanding Digital Certificates & Secure Sockets Layer (SSL): A Fundamental Requirement for Internet Transactions

FAMILY BROCHURE Sensitive data is everywhere. So are we.

ProtectV. Securing Sensitive Data in Virtual and Cloud Environments. Executive Summary

Smart Cards for Payment Systems

Secure SSL, Fast SSL

Digital Signing without the Headaches

RSA Digital Certificate Solution

Alliance Key Manager Cloud HSM Frequently Asked Questions

PCI DSS FAQ. The twelve requirements of the PCI DSS are defined as follows:

PCI Solution for Retail: Addressing Compliance and Security Best Practices

MySQL Security: Best Practices

PCI PA-DSS Requirements. For hardware vendors

A MERCHANTS GUIDE TO THE PAYMENT APPLICATION DATA SECURITY STANDARD (PA-DSS)

ADDING STRONGER AUTHENTICATION for VPN Access Control

Key Steps to Meeting PCI DSS 2.0 Requirements Using Sensitive Data Discovery and Masking

Axway Validation Authority Suite

Key Management Best Practices

Complying with PCI Data Security

PCI DSS Compliance Services January 2016

Euronet s Internet Banking Solution Built for Today s Online Business

Future directions of the AusCERT Certificate Service

Creating a trust infrastructure to support mobile payments

WebSphere DataPower Release FIPS and NIST SP a support.

ncipher Modules Integration Guide for Axway Validation Authority Server 4.11 (Responder)

PrivyLink Cryptographic Key Server *

Thales e-security keyauthority Security-Hardened Appliance with IBM Tivoli Key Lifecycle Manager Support for IBM Storage Devices

EmulexSecure 8Gb/s HBA Architecture Frequently Asked Questions

What is an SSL Certificate?

Are You Ready For PCI v 3.0. Speaker: Corbin DelCarlo Institution: McGladrey LLP Date: October 6, 2014

We are Passionate about Total Security Management Architecture & Infrastructure Optimisation Review

Payment Card Security 12-Steps to meeting PCI-DSS Compliance with SafeNet

RSA Security. RSA, RC2, RC4, RC5, MD5 AES RC6 PKCS RSA Keon PKI. RSA BSAFE 5 Web. RSA SecurID 4000

Westpac Merchant. A guide to meeting the new Payment Card Industry Security Standards

Applying Cryptography as a Service to Mobile Applications

Managed Encryption Service

PrivateServer HSM Integration with Microsoft IIS

Payment Transactions Security & Enforcement

Corbin Del Carlo Director, National Leader PCI Services. October 5, 2015

IS YOUR CUSTOMERS PAYMENT DATA REALLY THAT SAFE? A Chase Paymentech Paper

PCI Compliance 3.1. About Us

10 Secure Electronic Transactions: Overview, Capabilities, and Current Status

Puzzled about PCI compliance? Proactive ways to navigate through the standard for compliance

GiftCardXpress - Elavon Brief

PCI Data Security. Meeting the Challenges of PCI DSS Payment Card Security

Understanding Digital Certificates & Secure Sockets Layer A Fundamental Requirement for Internet Transactions

U06 IT Infrastructure Policy

kamai Technologies Inc. Commonly Accepted Security Practices and Recommendations (CASPR)

Dr. Cunsheng DING HKUST, Hong Kong. Security Protocols. Security Protocols. Cunsheng Ding, HKUST COMP685C

Protecting Cardholder Data Throughout Your Enterprise While Reducing the Costs of PCI Compliance

U.S. Smart Card Migration: Stripe to EMV Claudia Swendseid, Federal Reserve Bank of Minneapolis Terry Dooley, SHAZAM Kristine Oberg, Elavon

White Paper. Simplify SSL Certificate Management Across the Enterprise

Certification Program Pre-Engagement Questionnaire

PCI Security Compliance

Encryption Key Management for Microsoft SQL Server 2008/2014

PCI Compliance. Top 10 Questions & Answers

An Overview and Competitive Analysis of the One-Time Password (OTP) Market

Tenzing Security Services and Best Practices

Josiah Wilkinson Internal Security Assessor. Nationwide

Certicom Security for Government Suppliers developing client-side products to meet the US Government FIPS security requirement

Payment Methods. The cost of doing business. Michelle Powell - BASYS Processing, Inc.

The 12 Essentials of PCI Compliance How it Differs from HIPPA Compliance Understand & Implement Effective PCI Data Security Standard Compliance

Building Your Complete Remote Access Infrastructure on Windows Server 2012

Baltimore UniCERT. the world s leading PKI. global e security

ACI TOKEN MANAGER FOR MOBILE: TOKEN SERVICE PROVISION, HCE AND EMBEDDED SECURE ELEMENT IN THE CLOUD

Meeting Technology Risk Management (TRM) Guidelines from the Monetary Authority of Singapore (MAS)

Compliance Guide: PCI DSS

SAFE Digital Signatures in PDF

A8.1 Asset Management Responsibility for assets: To identify organisational assets and define appropriate protection responsibilities.

Thales nshield HSM. ADRMS Integration Guide for Windows Server 2008 and Windows Server 2008 R2.

Transcription:

Summary Purpose Business Value Product Type Technical function/certifications Product Family Name 1 General purpose Hardware Security Modules (HSMs) To securely protect cryptographic keys wherever they are used Prevent loss of sensitive data and the cost in terms of fines and brand damage Enable deployment of cryptographic security without losing valuable business time from bottlenecks Achieve compliance/meet best practice including: - PCI DSS (81% of QSA s recommend the use of HSMs*) - SOX - Basel II - EU Data Protection Reduce time and money spent on compliance* * PCI DSS Trends 2010 " QSA Insights (report is based on research conducted by The Ponemon Institute on behalf of Thales) Hardware (with user/developer software) Cryptographic key generation, protection and management Cryptographic acceleration FIPS 140-2 L3 Validated Common Criteria EAL4+ nshield Edge (USB Connected) nshield Solo (PCI or PCIe) nshield Connect (network connected and shareable) Software Developer Kit (SDK) September 2010 www.thalesgroup.com/iss EMEA: +44 1223 723711 1

General purpose HSM use cases Use summary Purpose Business value a Database Encryption To provide strong protection and management of database encryption keys for embedded encryption technologies such as: MS SQL Server 2008 and 2008 R2 Oracle 11g (Advanced Security) b Web Servers and Web To provide strong protection and management of Web Server SSL keys such as: Services MS IIS and ISA Apache IBM HTTP Server Sun iplanet C Application Services To provide strong protection and management of application keys such as: IBM WebSphere Oracle/BEA Weblogic MS BizTalk Server.Net d PKI To provide strong protection and management for CA private keys used in conjunction with MS Certificate Services Entrust Security Manager RSA Keon CyberTrust Unicert e Document Management To provide strong protection and management for digital signature keys and time stamping e.g. Oracle RMS Adobe LiveCycle Document Security MS SharePoint f Strong Authentication To provide strong protection and key management for digital signature keys used to underpin authentication solutions e.g. Vasco Gemalto ActivIdentity BellID Cryptomathic Thales Safesign (see below) September 2010 www.thalesgroup.com/iss EMEA: +44 1223 723711 2

2 Secure Time Stamping To prove that an electronic document or transaction was valid at the time of signing, even once the certificate has expired Document signing Transaction signing Code signing Improved legal authenticity of electronically signed documents Appliance To provide timestamps in accordance with standards RFC3161 MS Authenticode To deliver auditable time using DS/NTP Time Stamp Server (TSS) Time Source Master Clock (TSMC) 3 Payments-specific Hardware Security Modules (HSMs) To provide strong protection and management of payment processing keys PIN translation PIN printing Transaction verification (such as CAP and 3DSecure) Prevent loss of sensitive data and the costs in terms of fines and brand damage Help achieve regulatory compliance (e.g. Visa, MasterCard and other national schemes) Hardware and customised firmware To protect and manage payment processing keys Designed to meet payment processing schemes e.g. Visa, MasterCard and national schemes FIPS 140-2 validated Designed to meet PCI HSM standards payshield 9000 September 2010 www.thalesgroup.com/iss EMEA: +44 1223 723711 3

4 Card Personalisation To provide secure card issuance P3 EMV card issuance Preparation of data Prevent loss of sensitive data and the cost in terms of fines and brand damage Save money by bringing card personalisation inhouse Appliance and software Secure preparation and issuance of payment cards in accordance with EMV and other local standards 5 Browser-based PIN Security To ensure that customer PINs encrypted with SSL are never in the clear (e.g. between the Web Server and back end systems) Secure PIN verification Prevent interception of customer PIN and potential brand damage and fines Protect against the internal and external threat of PIN theft Software toolkit solution with hardware Termination of an SSL session within secure HSM boundary General purpose hardware used in conjunction with toolkit is FIPS 140-2 L3 certified and CC EAL 4+ certified Codesafe SDK nshield HSM 6 Key Management for Storage Encryption Keys To provide strong protection and management for storage encryption keys used in conjunction with embedded encryption technologies such as: Brocade Encryption Switches IBM Tivoli Key Lifecycle Manager Reduce risk of security breaches Enable business continuity and data recovery Lower cost of maintenance encryption based storage Decrease time (and therefore cost) to deploy storage encryption Meet audit and compliance requirement Appliance Key management using standards-based protocols e.g. KMIP, P.1619.3 Thales Encryption Manager for Storage (TEMS) September 2010 www.thalesgroup.com/iss EMEA: +44 1223 723711 4

7 In line Network Encryption To encrypt sensitive information passing between data centres over the network, to prevent sensitive data being intercepted Prevent loss of sensitive data and the cost in terms of fines and brand damage Appliance Point to point and point to multipoint line encryption Fully automated centralised key management Certifications include; - SGSS: FIPS 140-1 level4 - Unit: FIPS 140-2 level3 - Common Criteria 4 / 5 - UK CAPS Enhanced Point-to-point high speed wired or wireless Frame Relay network Inter & Transcontinental connectivity SAN (Storage Area network) between data centres WAN (Data, voice & video) Datacryptor 2000 (DC2K) Datacryptor Advanced Performance (DCAP) September 2010 www.thalesgroup.com/iss EMEA: +44 1223 723711 5

8 Strong To strongly authenticate Improve customer Software Authenticates SafeSign Server Authentication employees or customers to confidence in on-line solution with Digitally signs Solution applications banking Single Sign on Maximise existing hardware User management authentication (general online banking technology purpose HSMs Certifications: transactions via tokens, smart cards investments e.g. EMV cards or tokens see above) (including EMV) mobile phones etc Reduce fraud online (saving costs of Authentication of clearing transactions e.g. bank to clearing house managing and compensating fraud) nshield general purpose HSM Awards: 1. Winner of the 2004 EEMA Award for Excellence in Secure Electronic Business (User and vendor partnership: Thales and BACSTEL-IP) 2. Winner of 2003 FST Best Use of B2B e-commerce (User and vendor partnership: Thales and BACSTEL-IP) 3. 2006 The Banker Technology Award - (For deployment of SafeSign with BankID; a Swedish service that offers secure electronic identification and signature on the Internet). September 2010 www.thalesgroup.com/iss EMEA: +44 1223 723711 6

9 Professional Services Reduce risk Project dependent Professional Services To provide security and cryptographic services. Consultancy Bespoke development Training Code reviews Environment and policy review Implementation assistance Decrease implementation time of security projects (reducing cost) Maximise the value of deploying encryption by filling a gap in inhouse crypto knowledge Provide effective encryption systems, policies and processes Services Customised code software Documents and reports Training courses and materials Thales professional staff extensively experienced in helping organisations worldwide to deploy cryptography Many industry certified staff e.g. CISSP September 2010 www.thalesgroup.com/iss EMEA: +44 1223 723711 7

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information