Thales offers a number of solutions based upon their high-assurance Luna HSMs and Luna Cloud HSMs (Data Protection on Demand), to secure and protect your data in Google Cloud. With Thales, enterprises have the flexibility to leverage cloud services, the ability to both own and control their encryption keys, and reduce the risk of unauthorized data access. The “Thales High Assurance Protection Strategies for Google Cloud’ solution brief below, provides an overview of the different encryption key generation, management and protection options available to Google Cloud users using Luna HSMs including: Customer-Managed Encryption Keys (CMEK), Customer-Supplied Encryption Keys (CSEK) and the new Google Cloud EKM service.
|Thales High Assurance Protection Strategies with Thales HSMs for Google Cloud Platform - Solution Brief|
|Google Cloud Protection with Thales Luna Network HSM Integration Guide|
CipherTrust Key Broker is integrated with Google Cloud EKM to make it easy for organizations to follow security and key management best practices while leveraging the power of Google Cloud for compute and analytics. Organizations are able to securely create and control their own encryption keys separate from where their sensitive data is being hosted. By generating their own encryption keys using CipherTrust Key Broker, organizations can verify the origin and quality of the keys they are providing to the cloud provider, while maintaining the original version of the key outside of the Google Cloud environment. Organizations hold their master keys in a Thales Luna Cloud HSM (Data Protection on Demand), which acts as the trust anchor for the CipherTrust Key Broker solution. This provides a FIPS 140-2 Level 3 certified root-of-trust, and ensures separation between data and encryption keys, helping to fulfill compliance and security requirements.
|Enhancing Encryption Key Control and Data Security in Google Cloud Platform - Solution Brief|
The Google Cloud Key Management System (KMS) offers 'Bring Your Own Key (BYOK)' API’s via the Customer-Managed Encryption Keys (CMEK) facility. Google KMS supports a wide range of Google Cloud products. To enable your organization to manage encryption keys across multiple cloud providers including Google Cloud, CipherTrust Cloud Key Manager from Thales provides multi-cloud key lifecycle management for Google CMEK, along with a range of other providers. Read the product brief.
|CipherTrust Cloud Key Manager - Product Brief|
Google Cloud Storage offers worldwide data storage and retrieval at any time using a simple programming interface that allows developers to take advantage of fast and reliable networking infrastructure and is encrypted by default. CipherTrust Application Data Protection includes Bring Your Own Key (BYOK) solutions that integrate with the Customer-Supplied Encryption Key (CSEK) facility for Google Cloud Storage to manage the encryption keys used for storage encryption. This integration enables centralized encryption key management on CipherTrust Manager for streamlined key administration.
Google Apps is a service that provides independently customizable versions of Google web applications, such as Gmail, Google Calendar, Docs, and Drive to enterprise customers. The SafeNet Trusted Access uses SAML to integrate with Google Apps to provide two factor authentication for secure identity verification.
Building on Thales’s award winning authentication service, SafeNet Trusted Access combines authentication and access management in a fully integrated cloud service. Our service lets you transform your business and operate securely in the cloud by preventing data breaches, simplifying access for users, and enabling compliance.
Our customers include over 25,000 organizations and 30 million users worldwide across all industries. Partnering with Thales for the long term, they trust our innovative access management and authentication services to help them securely adopt new ways of doing business on mobile, and in the cloud.
Resources and Additional Information:
SafeNet Authentication Service (SAS) is now SafeNet Trusted Access (STA).
For STA SAML integrations, please refer to STA Application Catalog. For STA RADIUS integrations, please refer to STA RADIUS Integration guides page on Thales Customer Portal.