Secure Sensitive Data and Applications on Tanzu Application Service

Compatible with TAS

Compatible with TAS
Can be consumed by apps on TAS

Compatible with TKGI
Can be consumed by apps on TKGI

Compatible with Standalone TKGI
Runs on TKGI with no dependency on TAS

Store, protect and manage your cryptographic keys in Thales Luna Hardware Security Modules (HSM), Thales’ high-assurance, tamper-resistant, network-attached crypto security appliances. Easily integrate Luna HSMs into your applications running on VMware Tanzu Application Service and with Credhub to serve as a root of trust and secure the cryptographic key lifecycle.

Meet compliance and regulatory requirements

Address requirements for data control, external key management, and hardware key storage outlined in such mandates as: GDPR, CCPA, eIDAS, FIPS 140, Common Criteria, HIPAA, and PCI-DSS.

Stronger security through hardware key storage

FIPS 140-2 Level 3 validated hardware appliances offer encryption keys physical security in addition to logical protections throughout the cryptographic lifecycle.

Scale security for virtual and cloud environments

Luna Network HSMs can divide into 100 cryptographically isolated partitions, each acting as an independent HSM capable of securing hundreds of independent applications.

Thales Overview

The people you rely on to protect your privacy rely on Thales to protect their data. When it comes to data security, organizations are faced with an increasing number of decisive moments. Whether the moment is building an encryption strategy, moving to the cloud, or meeting compliance mandates, you can rely on Thales to secure your digital transformation. Decisive technology for decisive moments.

More about Thales


Fonctionnement

Organizations can add Thales Luna Network HSMs as a service available to either applications on the Tanzu Application Service or to Tanzu Credhub using a TAS Java buildpack. Pivotal’s work in integrating the Thales Luna Network HSM client via the Java buildpack removes much of the complexity of installing an HSM, and requires only that the developer correctly set up and register an HSM partition.

Integration Features: Thales Luna Network HSMs preserve the integrity of the certificates and secrets developers use to secure their applications and the Tanzu platform. Whether those secrets are used to sign transactions, identify an application, or secure a Credhub instance, HSMs serve as a trusted foundation for any cryptographic framework.

Key features for Thales Network HSMs include:

  • Multiple roles for administration (e.g. Security Owner, Crypto Owner, Crypto User) to improve oversight
  • Strong separation of duties ensure that application developers never have access to sensitive data in cleartext
  • Partitioning and strong cryptographic separation allow for secure scalability
  • Secure audit logging records all cryptographic changes and transactions to improve security and compliance reporting
  • Multi person MofN with multi-factor authentication ensure that no single administrator can affect changes or view cleartext data
  • High performance with over 20,000 ECC and 10,000 RSA operations per second for high performance use cases
  • Luna utilization metrics (QOS) tool lets customers monitor and maintain continued encryption/decryption operations as applications are run in production.



Let’s talk.

Contact us about Thales Luna HSM.

Merci de l'intérêt que vous nous portez !

Nous vous contacterons très rapidement.

Merci de l'intérêt que vous nous portez !

Nous vous contacterons très rapidement.

En savoir plus