Thales Blog

You can now implement and maintain encryption with minimal impact

February 8, 2022

Nisha Amthul | Senior Product Marketing Manager

Technologies such as IoT, cloud, edge computing, and AI can drastically improve business service and operations. However, their integration raises challenges around security, privacy, and the reliability of the underlying infrastructure. This, in turn, requires the protection of a strong cybersecurity architecture. Encryption is a best practice for ensuring that cybercriminals do not gain access to your business’s sensitive data. But deployment and management of encryption generally incur downtime.

The challenge of downtime

Because the 24x7x365 nature of business today makes the availability of critical resources essential to the success of an organization, downtime is disruptive and its costs are substantial. According to a Statista survey, 25 percent of respondents from across the globe reported the average hourly downtime cost of their servers was between $301,000 and $400,000. Most of this downtime is generated by initial encryption and re-keying data sets.

Initial encryption

With a large dataset, the process of initially converting from clear text to ciphertext typically means applications using the data must be taken offline during the initial conversion process. Even when state-of-the-art cloning and synchronization techniques are used, there is substantial downtime. For mission-critical applications required to run with “five nines” of uptime, this can result in failure to meet SLAs, operational disruptions, and loss of revenue.

Re-keying of data sets

Best practices and compliance regimes frequently require that encrypted data be re-keyed with a new encryption key at specified intervals. This operation typically requires a large maintenance window and causes disruption similar to that which occurs when initially encrypting the data. The result is that IT, compliance, and security teams face tough decisions balancing security, availability, uptime, and levels of compliance.

Encryption with zero-downtime

CipherTrust Transparent Encryption from Thales encrypts data with minimal disruption, effort, and cost. Its transparent architecture enables security organizations to implement encryption without changing application, networking, or storage architectures. CipherTrust Live Data Transformation builds on these advantages, offering patented capabilities that deliver breakthroughs in availability, resilience, and efficiency. The solution enables administrators to encrypt data without downtime or disruption to users, applications, or workflows. While encryption is underway, users and processes continue to interact with databases or file systems as usual, because the process is transparent to users and applications independent of the size and scale of the deployment.

CipherTrust Live Data Transformation achieves this through:

CPU resource management

Encrypting large data sets can require significant CPU resources for an extended time. Live Data Transformation provides sophisticated CPU management rules to enable administrators to balance resources between encryption and other CPU operations.

Versioned backups and archives

With key versioning management, CipherTrust Live Data Transformation ensures efficient backup and archive recovery to enable more immediate access.


By storing encryption metadata with the target files or database volumes, CipherTrust Live Data Transformation is resilient in the face of storage failures, system issues, or network downtime. Any interrupted encryption process will seamlessly recover without needing the entire process to restart.

Expansion to NAS

CipherTrust Transparent Encryption Live Data Transformation enables encryption and rekeying with unprecedented uptime and efficiency by eliminating planned downtime and labor-intensive data cloning and synchronization. Thales customers have relied on CipherTrust Transparent Encryption for over a decade, and we are now expanding this proven technology to work with Network Attached Storage (NAS) - CIFS & NFS shares.

For more information on how to implement and maintain encryption with minimal impact, watch our CipherTrust Transparent Encryption Live Data Transformation video.