GEMALTO SAFENET KEYSECURE

Centrally control your organization's encryption keys wherever they reside

Once an organization encrypts its data, enterprise security then depends on encryption key management – the ability to generate, distribute, store, rotate, and revoke/destroy cryptographic keys as needed to protect the sensitive information with which they are associated.

With Gemalto, organizations can centrally, efficiently, and securely manage and store cryptographic keys and policies—across the key management lifecycle and throughout the enterprise. Our SafeNet Encryption Key Management solutions can manage keys across heterogeneous encryption platforms, offering support for the Key Management Interoperability Protocol (KMIP) standard as well as proprietary interfaces.

Now, security teams can uniformly view, control, and administer cryptographic policies and keys for all their sensitive data—whether it resides in the cloud, in storage, in databases, or virtually anywhere else.

 

Gemalto SafeNet KeySecure

 
 

SafeNet KeySecure from Gemalto is the industry’s leading centralized key management platform, and is available as a hardware appliance or hardened virtual security appliance. By utilizing SafeNet KeySecure, organizations benefit from its flexible options for secure and centralized key management, deployed in physical, virtualized, and public cloud environments.

Only Gemalto can deliver key management appliances across FIPS-validated hardware or a virtual appliance with a hardware root of trust using SafeNet Hardware Security Modules or Amazon Cloud HSM service.

 

Highlighted Key Management Features:

  • Heterogeneous Key Management: Manages keys for a variety of encryption products including databases, file servers, tokenization and applications through Crypto Pack and self-encrypting drives, tape archives, Storage Area Networks, virtual workloads, and a growing list of vendors supporting the OASIS Key Management Interoperability Protocol (KMIP) standard.
  • Multiple Key Types: Centrally manages symmetric, asymmetric, secret data, and X.509 certificates along with their associated policies.
  • Full Lifecycle Key Support and Automated Operations: Simplifies the management of encryption keys across the entire lifecycle, including secure key generation, storage and backup, key distribution, and key deactivation and deletion. SafeNet KeySecure makes automated, policy-driven operations easy for tasks such as key expiry and key rotation.
  • Centralized Administration of Granular Access, Authorization Controls and Separation of Duties: Management console unifies key management operations across multiple encryption deployments and products while ensuring administrators are restricted to roles defined for their scope of responsibilities.
  • High-Availability and Intelligent Key Sharing: Deploys in flexible high-availability configurations within an operations center and across geographically dispersed centers or service provider environments using an active-active mode of clustering.
  • Auditing and Logging: Centralized management includes detailed logging and audit tracking of all key state changes, administrator access and policy changes. Audit trails are securely stored and signed for non-repudiation and can be consumed by leading third-party SIEM tools.
  • Next-Generation Solution for NetApp Storage: The official upgrade for existing NetApp DataFort Encryption Appliance and NetApp Storage Encryption deployed with the NetApp Lifetime Key Manager.
  • Format Preserving Encryption (FPE): Securely encrypts structured data such as credit cards or social security numbers.
  • Infield Software Updates: Ensures easy installation of new features, core software updates and security patches. Additionally, you can run older appliances in a cluster with new appliances.
 

Model Comparison

 

Supported Technologies

API Support

  • KMIP 1.1, PKCS #11, JCE, MS-CAPI, ICAPI, and .NET

Network Management

  • SNMP v1, v2c, and v3, NTP, URL health check, signed secure logs and syslog, automatic log rotation, secured encryption and integrity-checked backups and upgrades, extensive statistics

Authentication

  • LDAP and Active Directory

Management Interfaces

  • SafeNet KeySecure Management Console: Graphical user interface (GUI) available via a web browser that is capable of high-grade 128-bit encryption. JavaScript must be enabled to access all functionality available through the management console.
  • Command Line Interface (CLI): Available over SSH or directly through the serial console port.

Auditing and Logging

  • Cryptographically signed tracking of granular events. Configurable audit trail with local and remote (syslog) logging.

Supported Algorithms

SafeNet KeySecure supports the following public algorithms:

  • AES
  • ARIA
  • DES
  • DESede
  • HMAC-SHA1
  • HMAC-SHA256
  • HMAC-SHA384
  • HMAC-SHA512
  • RC4
  • RSA
  • SEED

Operating System

  • Highly customized, hardened OS
 

Gemalto SafeNet Virtual KeySecure

 
 

SafeNet Virtual KeySecure centralizes cryptographic processing, security policy and key management – all in a FIPS-validated hardened virtual security appliance. It’s an operation and expense-friendly alternative providing scalable key management and secure encryption at remote facilities or cloud infrastructures such as VMware or AWS Marketplace.

Only Gemalto delivers layered encryption for application, database, file, and workload data in a single high-availability solution. SafeNet Virtual KeySecure’s proven cryptographic performance means critical encryption tasks can be offloaded to a dedicated encryption appliance, ensuring data protection efforts do not impede critical IT operations. 

Additionally, SafeNet Virtual KeySecure ensures that organizations maintain ownership of their encryption keys at all times by hardening the appliance OS and encrypting the entire virtual appliance.

 

Highlighted Key Management Features:

  • SafeNet Virtual KeySecure can be hosted anywhere: on a virtual machine such as VMware, or rented from a service such as AWS Marketplace.
  • Hourly or annual subscription-based offerings are better suited for operating expenditure (op-ex) models, versus capital expenditure models (standard hardware purchases) that require upfront payment.
  • Flexible deployment options can easily scale to provide key management at remote facilities or in cloud infrastructures.
  • Compatibility with the OASIS Key Management Interoperability Protocol (KMIP) standard provides support for a large and growing list of encryption products.
  • Key security policies can be consolidated across multiple, disparate encryption systems, protecting current investments.
  • Centralized, efficient auditing of key management offers simplified compliance for cloud environments and decreases the amount of time spent on compliance mandates.
  • SafeNet Virtual KeySecure’s hardened virtual appliance mitigates security risks typically associated with software-based implementations.
  • Bring Your Own License (BYOL) for AWS Marketplace enables the purchase of Connector licenses directly from Gemalto.
 

Supported Technologies

API Support

  • KMIP 1.1, PKCS #11, JCE, MS-CAPI, ICAPI, and .NET

Network Management

  • SNMP v1, v2c, and v3, NTP, URL health check, signed secure logs and syslog, automatic log rotation, secured encryption and integrity-checked backups and upgrades, extensive statistics

Authentication

  • LDAP and Active Directory

Management Interfaces

  • SafeNet KeySecure Management Console: Graphical user interface (GUI) available via a web browser that is capable of high-grade 128-bit encryption. JavaScript must be enabled to access all functionality available through the management console.
  • Command Line Interface (CLI): Available over SSH or directly through the serial console port.

Auditing and Logging

  • Cryptographically signed tracking of granular events. Configurable audit trail with local and remote (syslog) logging.

Supported Algorithms

SafeNet KeySecure supports the following public algorithms:

  • AES
  • ARIA
  • DES
  • DESede
  • HMAC-SHA1
  • HMAC-SHA256
  • HMAC-SHA384
  • HMAC-SHA512
  • RC4
  • RSA
  • SEED

Operating System

  • Highly customized, hardened OS

MORE INFORMATION

For more information, or to request a presentation, demonstration, or price quote, contact Kris, IT Security Solution Manager at Bangkok System Software, the authorized distributor of this product in Thailand, via 085-552-2333 or krisnawani@bangkoksystem.com. You can also visit the vendor's website at http://www.gemalto.com.