Last updated: 13 December 2018
Data protection is more challenging now than it ever has been. The emergence of virtualization and cloud services, for instance, has made it difficult for organizations to uniformly safeguard their information across their IT environments. At the same time, companies must contend with advanced threats that continue to grow in number and sophistication.
Acknowledging these challenges, perhaps the best way that organizations can keep their information safe is for them to adopt a data-centric approach. This type of strategy involves companies using encryption that’s capable of providing persistent protection of sensitive data at all critical points in its lifecycle. Such protection is incomplete if organizations can’t use key management to create, distribute, store, rotate and revoke/destroy cryptographic keys as needed.
Digital security company Gemalto understands these benefits of encryption and key management. It also realizes that companies don’t always have the necessary budget or know how to buy, deploy and maintain hardware in pursuit of these security controls, and sometimes, even when they do, they choose not to because it’s not their core competency. Hence its decision to create SafeNet Data Protection On Demand, a cloud-based platform through which companies can click and deploy cloud-based HSM, key management and encryption services without the need for additional hardware, or expertise.
Gemalto has maintained from the beginning that SafeNet Data Protection On Demand can save customers time and money with its many features, which include the ability to set up a certified cloud-based HSM service and to digitally sign software and firmware packages or electronic documents. To prove this point, the security company decided to subject its solution to a rigorous review by IAIT Test Laboratory. Dr. Götz Güttich, a well-respected senior IT consultant and editor, led a team of German IT specialists in their analysis of SafeNet Data Protection On Demand.
For the review, Gemalto made available to the researchers a test account through which they could explore the solution’s functionality. Dr. Güttich and his colleagues used that account, in turn, to create several test users and activate various services to secure their test data. In particular, they directed their efforts towards evaluating the management and configuration of the solution’s six key services: “HSM On Demand for Digital Signing,” “HSM On Demand for Hyperledger,” “Key Vault/HSM On Demand,” “HSM On Demand for Oracle TDE Database,” “Key Broker On Demand for Salesforce” and “HSM On Demand for PKI Private Key Protection.”
In the course of their analysis, Dr. Güttich and his team did come across an issue in configuring the Certificate Authority under the “PKI Private Key Protection” service. The issue specifically involved selecting a Cryptographic Service Provider (CSP) from Gemalto from a corresponding dropdown menu. Gemalto worked with the researchers to provide support so that Dr. Güttich and his colleagues could proceed with their investigation. The security firm also revised its configuration tools in the meantime to permanently resolve the issue.
But that one bug didn’t detract from the research team’s overall impressions of SafeNet Data Protection on Demand. As it explained in its summary report:
With SafeNet Data Protection on Demand, Gemalto offers an exceedingly interesting service which has the potential to also make code signing, encryption and key management available to companies for which the necessary efforts and the associated costs had previously been too much. Users of this service do not need to purchase and administrate any special hardware, and all clients pay only for the services they actually use. SafeNet Data Protection on Demand can also be a big help toward achieving GDPR conformity (in the context of the “right to be forgotten”) because stored data and keys can simply be erased whenever desired.
The researchers went on to say that the solution was “comparatively quick to set up and relatively simple to use,” with Gemalto’s technical support “convincingly good.” This finding explains what Gemalto has known all along: SafeNet Data Protection on Demand provides companies with an easy-to-use and affordable option for fulfilling their encryption and key management needs.