KMIP Key Management with Vormetric Data Security Manager


KMIP Key Management with Vormetric Data Security Manager
Controlling your keys with Thales eSecurity

What does KMIP do?
Diagram labels: Key Material & Metadata Transport; Security Applications or Appliances; KMIP Key Management Server
Create, Register, Locate and Retrieve Encryption Keys
Many extended services: Encrypt, Decrypt, Signing, Split-Keys, etc.
Supports Symmetric Keys, Asymmetric Keys, Certificates, Signing, etc.
Rich metadata for essential cryptographic management
Much more than just add, modify & delete

The KMIP specification includes an incredibly broad range of capabilities for full lifecycle management of security objects, with almost unlimited extensibility through a flexible, yet interoperable attribute model.
46 Operations (much more than just add, modify & delete) enable Security Appliances/Applications to perform tasks including: Encryption, Decryption, Authentication, Certification, Signing, Verification and Split-Key operations.
9 Object types catering for many more security objects include: Certificate, Certificate Request, Opaque Object, PGP Key, Private Key, Public Key, Secret Data, Split Key, Symmetric Key.
54 Attributes to represent information (metadata) about each Object under management.

KMIP Deployed in Solutions
KMIP solutions are deployed across all industry sectors, delivering management of security objects for: Cloud Storage Identity Management Financial systems Automotive Healthcare Email Provisioning and supply chain PKI Communications Authentication Defense

KMIP RSA 2018 Test Results
9 KMIP Technical Committee members testing 17 implementations
8 Client Implementations
9 Server Implementations
Over 33,000 successful test runs
72 Test combinations across 4 encodings

About Thales

Thales Group – global leadership
€15 billion in revenues
N°1 worldwide: Payloads for telecom satellites; Air traffic management; Sonars; Security for interbank transactions
N°2 worldwide: Rail signalling systems; In-flight entertainment; Military tactical radio comms
N°3 worldwide: Commercial avionics; Civil satellites; Military radars

Thales eSecurity – world leader in data protection 40+ 9 80% Years of securing the world’s most sensitive data Protection of the world’s POS transactions Customers of Fortune 10 130+ Security for 19 of the 20 largest banks Deep expertise and track record in applied cryptography Partnerships with leading technology providers of cloud computing, digital payments and more Security for 4 of the 5 largest energy companies Long-standing history of industry certifications and validation

Thales eSecurity 5 product lines
nShield Hardware Security Modules
payShield Hardware Security Modules
DataCryptor Hardware Network Encryption
Vormetric Data Security Platform
CipherTrust Cloud Key Manager

Vormetric DSM KMIP Key Management

Vormetric Data Security Manager
Available as:
Virtual Appliance, FIPS 140-2 Level 1
V6000, FIPS 140-2 Level 2 hardware appliance
V6100, FIPS 140-2 Level 3. Includes nShield Solo PCIe card

Vormetric DSM Unified Key Management
Diagram labels: Vormetric TDE Key Agent KMIP Server License KMIP Encrypted Databases Key management for native encryption Self-encrypting drives, tape libraries, other storage Key management for native TDE Oracle and MS SQL databases Vormetric Data Security Manager Vormetric Application Encryption Vormetric Vault Storage for Keys and Certificates Multi-purpose applications FIPS-certified storage Key management for wide variety of applications Symmetric Asymmetric Certificates

The products that support these solutions fall into these categories:
KMIP, where, typically, a storage company offers native encryption but the end customer wants strong, secure, centralized key management
Customers using the Oracle or SQL native encryption, and, again, wanting strong, secure, centralized key management
Customers with home-grown or custom applications looking for a vault to store their keys and certificates
And finally, these same customers who want key management for their applications. In this case they’ll use a portion of the capabilities available in VAE.

MK comment: For the last bullet I would add that VAE also comes with crypto APIs and customers can additionally leverage that.

Thales eSecurity key management for KMIP
Stronger than native key management
Data storage vendors, Big Data
Shipping KMIP v1.4
Demonstrating v2.0
Centralizes keys, separate from data and workloads
Extensible platform solution
Diagram labels: Vormetric KMIP Client License; Variety of KMIP environments; Vormetric Data Security Manager as KMIP Server; Storage solutions; Self-encrypting drives; Big data; NoSQL; Key Management Interoperability Protocol

WEF view again emphasizing potential of process improvement and stressing application to select use cases. DLT/Blockchain won’t fix or improve the world as a whole but it can have significant positive impact in specific use cases where processes can be improved.

What we’re demoing at RSA 2018
KMIP version 2.0 support
Managing KMIP objects
Managing attributes of KMIP objects
Client/server communication to create, register, locate and retrieve KMIP objects in more than 200 test cases
KMIP v1.4 is generally available today

Thales eSecurity KMIP Partners
Partial list of qualified and in-flight partners
Many organizations are relying on KMIP to ensure management and visibility of their security objects. It remains the default standard for full lifecycle security object management.

Thank You

KMIP for VMware
VMware vCenter, vSAN Storage
KEK – KMS provides Key Encryption Key. Protected by customer’s Key Management Server
DEK – ESXi Generated Data Encryption. Protected by a KMS Key Encryption Key
Joint value prop: Encryption, Simplified key management, Compliance, High availability, Quick and seamless scalability, Multitenant operations
VM Data: Protected by an ESXi generated internal Key that is encrypted by the KMS key
https://www.whatmatrix.com/blog/wp-content/uploads/2016/11/VM-encryption-details.jpg
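The KEK/DEK split on the VMware slide, as an added example (not code from the presentation or from any Thales or VMware product): a host-generated DEK is kept only in wrapped form under a KEK that the KMS holds and that is referenced by ID. The `KMS` map, the function names, the key IDs and the use of AES-GCM as the wrap mode are assumptions of this sketch.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// KMS is a hypothetical stand-in for the key server: KEK ID -> 256-bit KEK.
type KMS map[string][]byte

// aead returns AES-GCM keyed with the KEK stored under kekID (GCM is assumed here).
func (k KMS) aead(kekID string) (cipher.AEAD, error) {
	kek, ok := k[kekID]
	if !ok || len(kek) != 32 {
		return nil, fmt.Errorf("no usable KEK %q at the KMS", kekID)
	}
	b, _ := aes.NewCipher(kek) // cannot fail: key length checked above
	return cipher.NewGCM(b)
}

// WrapDEK encrypts a host-generated DEK under the KEK and binds the KEK ID as AAD.
func WrapDEK(k KMS, kekID string, dek []byte) ([]byte, error) {
	a, err := k.aead(kekID)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, a.NonceSize())
	if _, err = rand.Read(nonce); err != nil {
		return nil, err
	}
	return a.Seal(nonce, nonce, dek, []byte(kekID)), nil
}

// UnwrapDEK fails if the KEK is gone, the KEK ID differs or the blob was altered.
func UnwrapDEK(k KMS, kekID string, wrapped []byte) ([]byte, error) {
	a, err := k.aead(kekID)
	if err != nil || len(wrapped) <= a.NonceSize() {
		return nil, fmt.Errorf("cannot unwrap under KEK %q", kekID)
	}
	n := a.NonceSize()
	return a.Open(nil, wrapped[:n], wrapped[n:], []byte(kekID))
}

func main() {
	w, err := WrapDEK(KMS{"kek-1": make([]byte, 32)}, "kek-1", make([]byte, 32)) // constructed all-zero keys
	fmt.Println(len(w), err)
}
```

Removing the KEK from the KMS leaves every DEK wrapped under it, and the data those DEKs protect, unrecoverable, which is why the slides stress keeping keys separate from data and workloads.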

The Vormetric Data Security Platform
Platform is extensible to many applications.
KC This slide shows the familiar Vormetric solution platform, which is a collection of many products that serve multiple use cases for data protection and enterprise key management. Customers usually start with one or two use cases and then expand to others, which is the value that the platform brings to our customers. Today’s session will include products primarily in the Key Management category but also within App Encryption, and KMaaS for BYOK solutions.