Contact Us

Cloud Based Security as a Service

Cloud based platform and services offered by SafeNet Data Protection on Demand

With an ever-expanding menu of cloud based security applications at your fingertips, select the cloud-based security services you require from a range of options, and integrations including:

Create key material (tenant secrets) for Salesforce and manage your keys and security policies in concert with Salesforce Shield across their lifecycle

A key broker enables you to retain control of your keys and align your key management policies across environments. A key broker serves as a custodian of keys, providing a consolidated key management directory to manage, search and audit all keys. Using the Key Broker On Demand, you can design and enforce policies, helping to ensure compliance. To further ensure the security and privacy of your data, you can Bring Your Own Key (BYOK) within the SafeNet Data Protection On Demand service in the cloud.

Providing a service layer (GUI/API), you can create key material (Salesforce tenant secret) for Salesforce with Key Broker On Demand. Once you have created the key material (tenant secrets), you can manage your keys in Salesforce shield.  

Now you can ensure your data is always protected. Use and manage your keys across Salesforce and supported applications, providing:

  • security policy enforcement
  • essential audit capability
  • administration overhead reduction
Set up a certified key vault for applications or integration requirements using your own HSM on demand service

Key vaults are a secure and trusted mechanism used to protect cryptographic keys and secrets. Use your Key Vault to generate and/or store cryptographic keys, establishing a common root of trust across all applications and services. Your key vault can also perform cryptographic operations such as encryption/decryption of Data Encryption keys, protection of secrets (passwords, SSH keys, etc.), and more.

Secure private keys belonging to Certificate Authorities responsible for establishing PKI trust hierarchy.

In a public key infrastructure (PKI), PKI root keys are the private keys belonging to the Certificate Authority (CA) responsible for establishing the PKI trust hierarchy. Root Certificate Authorities are the anchor of trust in PKI deployments and compromise of the CA keys would compromise the entire PKI trust hierarchy (i.e. Root CA signs the Sub-CA certificates which are used in turn to sign user and device certificates), leaving your data at risk and vulnerable to un-authorized access. Using PKI Private Key Protection establishes trust by protecting your private keys, which are generated, stored and used within the confines of your dedicated HSM service for the highest security.

Digitally sign the author of software and firmware packages or electronic documents to ensure the integrity of the sender.

Digital Signatures are used to prove the integrity of the signed data and establish the publisher’s identity of:

  • documents
  • software
  • firmware packages

Digital signing ensures the recipient of the package can trust the Digital Signature that was applied to the update. If an attacker was able to compromise the digital signature keys, they would also have the ability to impersonate the original author/publisher and create their own malicious updates (malware). These would be inherently trusted by the recipient since they trust the Digital Signature associated with the author/publisher. This could affect software security patches or hardware appliances such as routers. Using your own Digital Signing service within SafeNet Data Protection On Demand, you can protect the private keys associated with your signing application in an HSM service to avoid the private keys from being stolen or compromised.

Ensure that Oracle TDE database data encryption keys are encrypted with a master key that resides within the HSM On Demand service for optimal performance and scalability

Encryption keys are generally stored locally with the database for performance and scalability reasons but this introduces the challenge of how to protect the encryption keys that were used to encrypt the data. The solution is to encrypt the local encryption keys, commonly referred to as Data Encryption Keys (DEK) with a Key Encryption Key (KEK) or Master key that resides in the HSM On Demand service key vault. This ensures that only authorized services are allowed to request the DEK to be decrypted. If an attacker steals the database, the content of the database is encrypted and inaccessible as the attacker does not have access to the Oracle TDE Database Key Vault where the KEK is kept.

SafeNet Data Protection On Demand from Gemalto provides you with security you can trust:

Secure Cloud Data
  1. Isolate keys and signing operations from certificate authorities, host platforms, and operating systems.
  2. Automate otherwise manual key lifecycle control and processes.
  3. Auto scale to unlimited number of services.
  4. Proven reliability.
  5. Set up a security service in under 5 minutes.
SafeNet Data Protection On Demand Services Solution Brief

SafeNet Data Protection On Demand Services Solution Brief

With SafeNet Data Protection On Demand, security is made simpler, more cost effective and easier to manage because there is no hardware to buy, deploy and maintain. Just click and deploy the protection you need, provision services, add security policies and get usage reporting in minutes.

View the Solution Brief