CipherTrust Flex Bundle Connector
The CipherTrust Flex Bundle Connector, also called CipherTrust Transparent Encryption (CTE), is primarily used in organizations to protect sensitive data from unauthorized access and to meet regulatory (compliance) requirements.
It provides transparent encryption at the file system or folder level and does not require changes to applications or infrastructure.
Category: CipherTrust Manager
CipherTrust Transparent Encryption is used as a basic layer of data-at-rest protection that combines strong encryption, strict access control, and detailed audit trails to secure sensitive information across the organization, minimize operational costs, and ensure compliance with regulations and laws.
Main areas of use in the organization
- Transparent data protection
  CTE encrypts files at the file system or volume level, with the encryption and decryption process transparent (invisible) to users and applications accessing the data.
  - Data-at-rest encryption: Provides continuous file-level encryption to protect data on local drives, shared network storage (CIFS/NFS), in Big Data environments (Hadoop), and in cloud storage (e.g. Amazon S3, Azure Files).
  - Zero-Downtime Data Transformation: Allows you to encrypt, decrypt, or change encryption keys for data that is currently in use without having to shut down applications (Live Data Transformation).
- Granular Access Control
  CTE implements detailed access control policies that go beyond standard operating system permissions. This ensures that only authorized users, processes, or applications can access data, and only under defined conditions.
  - Privileged User Protection: Prevents data misuse by IT administrators who would otherwise have access to unencrypted files. For example, an administrator can manage encrypted files (see metadata), but not decrypt them and read their contents.
  - Policy Definition: Policies can be defined based on:
    - Who (user/group from LDAP/Active Directory).
    - What (which file, directory, or file type).
    - When (time limit).
    - How (by which process or application).
- Meeting Regulatory and Compliance Requirements
  Most regulations (e.g. GDPR, PCI DSS, HIPAA) require encryption of sensitive data and detailed records of access to it. CTE helps organizations meet these requirements.
  - Audit Logging: Creates a detailed, central, and immutable audit trail of all attempts to access protected data, whether granted or denied. These logs are essential for demonstrating compliance and security analysis.
  - Separation of Duties: Separates responsibilities between data administrators (who have access to the data) and security administrators (who manage encryption keys and policies).
- Central Key Management
  CTE is an integral part of the CipherTrust Data Security Platform and utilizes central key management through CipherTrust Manager.
  - Centralization and Robustness: All encryption keys and security policies are stored and managed on a central, secure device (often a FIPS 140-2 certified HSM), eliminating the risk of key leakage on individual servers.
  - Key Lifecycle: Enables easy management of the entire key lifecycle, including key rotation (regular replacement).
- Support for various environments
  CTE is designed to protect data no matter where it is located, which is essential for hybrid and multi-cloud environments.
  - Multi-Platform: Supports a wide range of operating systems (Linux, Windows, Unix) and database platforms (including data and log volume protection e.g. for SAP HANA).
  - Cloud and Big Data: Extends data protection to cloud environments and Big Data systems (such as Hadoop and containers e.g. Kubernetes).
This is a standalone connector; without CipherTrust Manager, the connector itself is not functional. The price includes one year of Thales Enhanced Maintenance.
