Chapter – VI: Risk Management | 17. Risk Management Framework | |
(e) “…REs shall seek to ensure the preservation and protection of the security and confidentiality of customer information in the custody or possession of the service provider…” (f) “the RE remains responsible for understanding and monitoring the control environment of all service providers that have access to the RE’s data, systems, records or resources…” | CipherTrust Data Security Platform is an integrated suite of data-centric security products and solutions that unify data discovery, protection, and control in one platform. CipherTrust Platform provides multiple capabilities for protecting data at rest in files, volumes, and databases. Among them: Data Security Fabric provides a unified view of data across various platforms, enabling auditing across relational, NoSQL, mainframe, big data, and data warehouses. |
(i) “… review and monitor the control processes and security practices of the service provider to disclose security breaches…” | |
Chapter – X: Exit Strategy | |
b) “… safe removal/ destruction of data, hardware and all records (digital and physical), as applicable…” | CipherTrust Enterprise Key Management streamlines and strengthens key management in cloud and enterprise environments, enabling REs to effectively delete encrypted information managed by CSPs. |
Appendix – I | Usage of Cloud Computing Services | |
3. “…Cloud security is a shared responsibility between the RE and the Cloud Service Provider (CSP). REs may refer to some of the cloud security best practices, for implementing necessary controls…” | REs can take control of their cloud security and improve visibility with Thales CipherTrust Cloud Key Management (CCKM). CCKM offers a single pane of glass view for cloud-native users, ensuring protection of time and data. It supports Bring Your Own Key (BYOK) use cases across multiple cloud infrastructures and SaaS applications. Hold Your Own Key (HYOK) enhances REs' control over encryption keys, allowing clear separation of duties and explicit delineation of responsibilities for cloud services activities with CSP. |
6. Cloud Services Management and Security Considerations a. Service and Technology Architecture - “… service and technology architecture supporting cloud-based applications is built in adherence to globally recognised architecture principles and standards…”
| Thales offers integrated encryption and key management solutions to protect cloud-based applications for REs with BYOE and BYOK. - The Bring Your Own Encryption (BYOE) approach provides a separation of duty between REs and CSPs, allowing customers to use their own encryption and key management tools. Thales CipherTrust Transparent Encryption (CTE) and CipherTrust Tokenization offer advanced multi-cloud BYOE solutions for data mobility and centralized encryption key management.
- CipherTrust Cloud Key Management (CCKM) supports Bring Your Own Key (BYOK) use cases across multiple cloud infrastructures and SaaS applications by providing cloud key management automation, key usage logging, and reporting, ensuring strong controls over the encryption key life cycles.
|
- “… secure container-based data management, where encryption keys and Hardware Security Modules are under the control of the RE.”
| Thales Luna Hardware Security Modules (HSM) provide organizations with dedicated hardware for crypto key control, offering a tamper-resistant environment for secure cryptographic processing, key generation, and encryption. |
- “… a standard set of tools and processes to manage containers, images and releases...”
| |
- “Multi-tenancy environments should be protected...”
- “…The architecture should be resilient and enable smooth recovery … across the cloud architecture …”
| CipherTrust Enterprise Key Management is a high-availability appliance that centralizes encryption key management for Thales Data Security Portfolio and third-party encryption solutions. It manages key life-cycle tasks, certificates, and secrets, and offers multi-tenency domains for added security. |
b. Identity and Access Management (IAM) | Thales OneWelcome identity and access management solutions limit the access of internal and external users based on their roles and context. - SafeNet Trusted Access is a cloud-based access management solution that provides commercial, off-the-shelf multi-factor authentication with the broadest range of hardware and software authentication methods and form factors.
- Thales converged badge solutions simplify the management of physical and logical access by consolidating all corporate security applications in a single user's badge.
- The broad list of supported authentication methods meets the needs of a large variety of users and enables organizations to protect all their users and sensitive digital resources.
|
