THALES BLOG

OCI Customers Can Now Externally Manage Encryption Keys from a Cloud-Based Service

July 30, 2024

Alex Hanway | Director of Business Development

Oracle stands apart by offering a comprehensive suite of services across all its cloud delivery models, from Oracle Alloy and Dedicated Region Cloud@Customer to its standard Public Cloud service. Regardless of the means of delivery or usage, security and regulatory compliance are significant hindrances to cloud adoption. These concerns are particularly pressing for large enterprise clients that have traditionally relied on Oracle's database expertise to safeguard their most sensitive data. The Thales and Oracle external key management partnership directly addresses the challenge of securely storing data in the cloud in a manner that instills trust in large enterprises.

Continuing our efforts to innovate for Oracle customers, we at Thales are excited to announce that organizations can now use Thales’ CipherTrust Data Security Platform as a Service (CDSPaaS) with Oracle Cloud Infrastructure (OCI) Vault’s External Key Management Service (EKMS) for full Hold Your Own Key (HYOK) encryption key management. Customers can now be in full control of their OCI keys and meet their data sovereignty needs without having to deploy hardware in their own data center.

Overview of CipherTrust Data Security Platform as-a-Service

Until this announcement, businesses have had the option to externally manage their OCI encryption keys by using Thales’ CipherTrust Cloud Key Management (CCKM) as either a physical appliance or a virtual machine, sometimes arrayed in a hybrid or multi-cloud architecture. Now, with OCI Vault EKMS support available on the CipherTrust Data Security Platform-as-a-service (CDSPaaS), Thales adds a cloud-based service to the mix. Customers should have the choice of how and where they store their encryption keys, and now they have that choice in full with Thales’ CipherTrust Data Security Platform.

The same underlying CCKM technology from our appliances underpins CDSPaaS. CCKM centralizes the management and storage of cloud encryption keys from a broad array of Cloud Service Providers (CSPs), including Oracle Cloud Infrastructure, as organizations migrate their sensitive data to the cloud. With a single-pane-of-glass view across regions, the CCKM functionality on CDSPaaS consolidates Bring Your Own Key (BYOK) and Hold Your Own Key (HYOK) use cases for customers in one straightforward interface to drive greater efficiency and more easily comply with data protection mandates, such as GDPR, Schrems II and the Data Privacy Framework (DPF).

CDSPaaS for OCI Vault EKMS is available to customers via Thales’ Data Protection on Demand (DPoD) Marketplace, a cloud-based online marketplace providing a wide range of cloud Hardware Security Module (HSM), key management and encryption services. FIPS 140-2 Level 3 certified Luna Cloud HSMs hosted in Thales’ DPoD data centers secure the keys for each CDSPaaS subscription. The service automatically scales to meet the demands placed on it, so customers enjoy the high availability and resilience customary to the cloud. With a 30-day free trial, you can test it now.

Benefits of the Service

  • Save time and effort by simplifying security management: Organizations avoid the procurement, configuration, and management cycles involved with purchasing hardware when they subscribe to CDSPaaS. Using Thales’ cloud-based DPoD service, organizations get to value faster with their OCI investments while also side-stepping the administrative costs associated with on-premises and siloed key management.
  • Spread out capital investment costs: CDSPaaS subscriptions allow customers to fund their purchase over multiple years instead of experiencing heavy upfront capital expenditures. Thales’ subscription model allows customers to plan their spending in a consistent, reliable manner rather than having to budget inconsistent, one-time expenses.
  • Scale when and how you need: CDSPaaS allows customers to scale their requirements when they need to. Rather than purchasing hardware and capacity that organizations will need to grow into, CDSPaaS allows customers to add capacity on demand as they add OCI Vault tenants, for a just-in-time approach that meets their business demands more cost-effectively and reduces their carbon footprint.
  • The solution allows customers to address important compliance obligations by remaining in control of their data and encryption keys while their data resides in the cloud. More specifically, it allows European customers to ensure that their data safely resides within the EU under the control. (See: Oracle Addresses European Data Privacy and Sovereignty Requirements with New EU Sovereign Cloud.)

Conclusion

Enterprises should have the tools to control their data however they see fit. Working with Oracle, we are excited to make this aspiration a reality. Some of the world’s most sensitive data resides in Oracle databases. Together with Oracle, we are making OCI not only possible, but convenient, for these customers and their most important data.

Try A Free Trial

CipherTrust Data Security Platform-as-a-service is available now, and businesses can sign up for a 30-day free trial through the Thales Data Protection on Demand (DPoD) Marketplace by following these three easy steps:

1) Sign up for a DPoD Marketplace account.

2) Select the CDSP (CipherTrust Data Security Platform) service on the DPoD Marketplace and fill in the requested information.

3) Log in and get started with no commitments.

To learn more, read the product brief or contact one of our experts.