KYOS

Thales creates CDSP out of Vormetric and KeySecure

Martino Dell'Ambrogio

Security Architect

CDSP out of Vormetric and KeySecure

In 2014, when they approached us, Vormetric was already an established company and their Data Security appliance convinced more than a few of our customers, along with our experts, that centralised data encryption and key lifecycle management solutions were to become an essential component of any information system.

By 2016, when one of our oldest partners, Thales, acquired Vormetric, we were deploying Data Security Manager 6 everywhere and for a wide range of use cases, although the most common was database and file share encryption with granular access control, or Transparent Encryption.

Thales took good care of the product and their investment resulted in an even larger set of features being introduced to the platform.

Native encryption systems started partnerships to support key management through proprietary TDE libraries, standard PKCS#11 libraries and the KMIP protocol, which has been adopted in many interesting and frequent use cases.

The latest minor versions of DSM even moved to different internal databases for easier clustering, wider APIs for more automation and overall better software quality, but the core of the appliance was starting to show its limits.

Upgrades were increasingly difficult, HSM protection was bound to a single on-prem vendor, the API was a challenging XML interface and, after years of layering without refactoring, entirely new features like the management of keys in the cloud and the tokenisation of application data were developed in separate appliances.

In 2019, Thales completed the acquisition of Gemalto, including their flagship encryption and key management system KeySecure, itself previously acquired with SafeNet in 2014.

Since then, their strategy has been to merge both solutions, keep the best for any use case and rewrite the centralised appliance from scratch.

While neither the concepts nor most of the protocols and the long-proven agent codebase changed, the technologies behind the appliance of the CipherTrust Data Security Platform, known as the CipherTrust Manager, were well chosen, and in just a couple of years every equivalent feature from both Vormetric and KeySecure was matched and deployed in production environments all over the world.

This was quickly followed in the latest minor versions of CM 2 by new features, and even entirely new categories, like the introduction of data discovery and classification, wider support both for running the appliance in the public cloud and for keeping even stronger control of cloud keys, and a lot more.

For most use cases, migration from Vormetric and KeySecure is usually just a matter of copying key and policy material, upgrading software and switching transparently to CDSP.

With a modern REST API, scalable architecture and public documentation now available, migration projects are being planned everywhere, and for good reason: Thales will discontinue all support for KeySecure by the end of December 2023, and for Vormetric by the end of June 2024. (Vormetric Data Security Platform)

Purchase of any new license is also only possible up to a year before, which forces customers to have at least a valid alternative running in parallel by December 2022 for KeySecure, and June 2023 for Vormetric.

Several of our customers have subsequently decided, for this reason and to access new features they need, to deploy CDSP already and migrate the legacy use cases later. (Migration Thales Docs)

It must be mentioned that, for every persistent licence purchased for any previous agent/connector and still under support, the migration of such licence to the CDSP equivalent is free of charge.

KYOS customers have been informed since the earliest public announcements, and we are at your entire disposal for any question, quote or evaluation need.
