SafeNet Data Protection On Demand - Services

With an ever-expanding menu of data protection on demand applications at your fingertips, choose the security service you require from a range of options and integrations, including:

Create key material (tenant secrets) for Salesforce and manage your keys and security policies in concert with Salesforce Shield across their lifecycle

A key broker enables you to retain control of your keys and align your key management policies across environments. A key broker serves as a custodian of keys, providing a consolidated key management directory to manage, search and audit all keys. Using Key Broker On Demand, you can design and enforce policies, helping to ensure compliance. To further ensure the security and privacy of your data, you can Bring Your Own Key (BYOK) within the SafeNet Data Protection On Demand service in the cloud. By providing a service layer (GUI/API), Key Broker On Demand enables you to create key material (the Salesforce tenant secret) for Salesforce and to manage your keys in concert with Salesforce Shield across their lifecycle. You can use and manage your keys across Salesforce and supported applications, providing much-needed security policy enforcement and essential audit capability, and reducing administration overhead while ensuring your data is always protected.

Set up a certified key vault for applications or integration requirements using your own HSM on demand service

Key vaults are a secure and trusted mechanism used to protect cryptographic keys and secrets. You can use your key vault to generate and/or store cryptographic keys, establishing a common root of trust across all applications and services. You can also use your key vault to perform cryptographic operations such as encryption/decryption of Data Encryption Keys, protection of secrets (passwords, SSH keys, etc.), and more.

Secure private keys belonging to Certificate Authorities responsible for establishing PKI trust hierarchy.

Digitally sign software and firmware packages or electronic documents to authenticate their author and ensure their integrity.

Digital signatures are used to establish the identity of the publisher of documents, software and firmware packages, and to prove the integrity of the signed data. Digital signing enables the recipient of the package to trust the digital signature that was applied to the update. If an attacker were able to compromise the digital signature keys, they would have the ability to impersonate the original author/publisher and create their own malicious updates (malware) that would be inherently trusted by the recipient, since the recipient trusts the digital signature associated with the author/publisher. This could affect software security patches or hardware appliances such as routers, for example. Using your own Digital Signing service within SafeNet Data Protection On Demand, you can protect the private keys associated with your signing application in an HSM service to prevent them from being stolen or compromised.

Ensure that Oracle TDE database data encryption keys are encrypted with a master key that resides within the HSM On Demand service for optimal performance and scalability

Encryption keys are generally stored locally with the database for performance and scalability reasons, but this introduces the challenge of how to protect the encryption keys that were used to encrypt the data. The solution is to encrypt the local encryption keys, commonly referred to as Data Encryption Keys (DEK), with a Key Encryption Key (KEK) or master key that resides in the HSM On Demand service key vault. This ensures that only authorized services are allowed to request the DEK to be decrypted. If an attacker steals the database, the content of the database is encrypted and inaccessible, as the attacker does not have access to the Oracle TDE Database Key Vault where the KEK is kept.
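
The DEK/KEK arrangement described above, as an added example in Node.js (not vendor code and not the service's API). `KeyVault` is a hypothetical in-process stand-in for the key vault, the service names are invented, and AES-256-GCM for both data encryption and DEK wrapping is an assumption, since the page names no algorithm.

```javascript
const nodeCrypto = require('crypto');

// AES-256-GCM helpers. Sealed layout: nonce (12) || tag (16) || ciphertext.
function seal(key, plaintext) {
  const nonce = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, nonce);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), ct]);
}

function open(key, sealed) {
  if (sealed.length < 28) throw new Error('sealed value too short');
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, sealed.subarray(0, 12));
  d.setAuthTag(sealed.subarray(12, 28));
  // final() throws if the key is wrong or the value was modified.
  return Buffer.concat([d.update(sealed.subarray(28)), d.final()]);
}

// Hypothetical stand-in for the key vault: the KEK never leaves this object,
// and only services on the allow-list may ask for a DEK to be unwrapped.
class KeyVault {
  #kek = nodeCrypto.randomBytes(32);
  constructor(allowedServices) { this.allowed = new Set(allowedServices); }
  wrap(dek) { return seal(this.#kek, dek); }
  unwrap(service, wrappedDek) {
    if (!this.allowed.has(service)) throw new Error(`${service} may not unwrap DEKs`);
    return open(this.#kek, wrappedDek);
  }
}

// Database side: encrypt with a fresh DEK and store only its wrapped form.
function encryptRow(vault, text) {
  const dek = nodeCrypto.randomBytes(32);
  return { wrappedDek: vault.wrap(dek), data: seal(dek, Buffer.from(text, 'utf8')) };
}

// Reading a row requires the vault to unwrap the DEK for an authorized service.
function decryptRow(vault, service, row) {
  const dek = vault.unwrap(service, row.wrappedDek);
  return open(dek, row.data).toString('utf8');
}

// Constructed sample: 'db-server' is an invented service name.
const sampleVault = new KeyVault(['db-server']);
const sampleRow = encryptRow(sampleVault, 'constructed sample record');
console.log(decryptRow(sampleVault, 'db-server', sampleRow));
```

A copy of `sampleRow` taken without vault access holds only ciphertext and a wrapped DEK, which is the stolen-database case the paragraph describes.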

SafeNet Data Protection On Demand from Gemalto provides you with security you can trust:

Secure Cloud Data
  1. Isolate keys and signing operations from certificate authorities, host platforms, and operating systems.
  2. Automate otherwise manual key lifecycle control and processes.
  3. Auto-scale to an unlimited number of services.
  4. Proven reliability.
  5. Set up a security service in under 5 minutes.