PIPEDA compliance

Canada’s Privacy Guide for Businesses, the Canadian Government’s guide for PIPEDA compliance, says this about using appropriate safeguards:

Use appropriate security safeguards to provide necessary protection. These can include:

• Physical measures (e.g. locked filing cabinets, restricting access to offices and alarm systems);
• Up-to-date technological tools (e.g. passwords, encryption, firewalls and security patches); and
• Organisational controls (e.g. security clearances, limiting access, staff training and agreements).

Thales can help your organisation comply with PIPEDA.

Best practice data security

Thales is a leader in digital security and, having helped hundreds of enterprises comply with regulatory regimes around the world, we recommend key best practice data protection technologies called for in virtually every set of regulations. These include:

• Data access control
• Encryption and tokenisation (pseudonymisation) of data at rest
• Encryption of data in motion
• Encryption key management
• Keeping and monitoring user access logs
• Using hardware security modules (HSMs) for executing encryption processes and protecting encryption keys

Data access control

Thales’ CipherTrust Manager enables organisations to limit user access to information systems that contain sensitive Information.

SafeNet Trusted Access is a cloud-based access management service that combines the convenience of cloud and web single sign-on (SSO) with granular access security. By validating identities, enforcing access policies and applying Smart Single Sign-On, organisations can ensure secure, convenient access to numerous cloud applications from one easy-to-navigate console.

Adding SafeNet certificate-based authentication (CBA) smart card solution as an integral part of IT infrastructure, significantly improves client logon security by requiring multi-factor authentication. Adding multiple factors ensures secure login to workstations and enterprise networks, eliminates complex and costly passwords and significantly reduces help desk calls. The smart card enables easy and reliable visual identification of the card holder and strong communication around corporate identity. Furthermore, the certificate-based solution is fully integrated in a Windows environment when using applications from Microsoft.

With Thales Authentication and Access Management solutions, you can leverage a unified authentication infrastructure for both on-premises and cloud-based services — providing a centralised, comprehensive way to manage all access policies. Users can log into enterprise cloud services such as Office 365, Salesforce.com or GoogleApps through an organisation’s existing SafeNet authentication mechanisms.

Encryption and tokenisation of data at rest

Thales' CipherTrust data security platform provides key components necessary to implement data-centric security. These include security controls that enable organisations to safeguard and audit the integrity of customer records and information against a broad range of threats against data. Thales data breach protection solutions are transparent to existing operating processes and applications for rapid implementation.

This single platform solution to multiple data breach protection helps organisations meet compliance requirements with low TCO and an easy-to-deploy, centrally managed infrastructure and solution set.

Thales’ CipherTrust transparent encryption solution protects data with file and volume level data-at-rest encryption, access controls and data access audit logging without re-engineering applications, databases or infrastructure. Deployment of the transparent file encryption software is simple, scalable and fast, with agents installed above the file system on servers or virtual machines to enforce data security and compliance policies. Policy and encryption key management are provided by CipherTrust Manager.

CipherTrust tokenisation dramatically reduces the cost and effort required to comply with security policies and regulatory mandates, such as CCPA. The solution delivers capabilities for database tokenisation and dynamic display security. Enterprises can efficiently address their objectives for securing and pseudonymising sensitive assets — whether they reside in data centre, big data, container or cloud environments.

CipherTrust application data protection delivers key management, signing and encryption services enabling comprehensive protection of files, database fields, big data selections or data in platform-as-a-service (PaaS) environments. The solution is FIPS 140-2 Level-1 certified, based on the PKCS#11 standard and fully documented with a range of practical, use-case based extensions to the standard. It eliminates the time, complexity and risk of developing and implementing an in-house encryption and key management solution with development options, including a comprehensive traditional software development kit for a wide range of languages and operating systems as well as a collection of RESTful APIs for the broadest platform support.

Encryption of data in motion

A powerful safeguard for data in motion, Thales high-speed encryptors deliver high-assurance certified data in motion encryption capabilities that meet secure network performance demands for real-time low latency and near zero overhead to provide security without compromise for data on the move across the network.

Encryption key management

Thales’ CipherTrust enterprise key management unifies and centralises encryption key management on premises and provides secure key management for data storage solutions. Cloud Key Management products include the CipherTrust Cloud Key Manager for centralised multi-cloud key life cycle visibility and management with FIPS-140-2 secure key storage and Cloud Bring Your Own Key.

User access logs

The CipherTrust platform’s security intelligence logs let your organisation identify unauthorised access attempts and build baselines of authorised user access patterns. CipherTrust security intelligence integrates with leading security information and event management (SIEM) systems that make this information actionable. The solution allows immediate automated escalation and response to unauthorised access attempts. It also provides all the data needed to specify behavioral patterns required to identify suspicious use by authorised users, as well as for training.

Hardware security modules

Thales Luna hardware security modules (HSMs) provide the highest level of encryption security by always storing cryptographic keys in hardware. Thales HSMs provide a secure crypto foundation, because the keys never leave the intrusion-resistant, tamper-evident, FIPS-validated appliance. Strong access controls prevent unauthorised users from accessing sensitive cryptographic material, because all cryptographic operations occur within the HSM. In addition, Thales implements operations that make the deployment of secure HSMs simple, and our HSMs are integrated with SafeNet Crypto Command Centre for quick and easy crypto resource partitioning, reporting and monitoring.

The award winning Thales data protection on demand solution is a cloud-based platform that provides a wide range of cloud HSM and key management services through a simple online marketplace. These include HSM on demand and Key Management on demand.