Skip to main content
Image
purple hex pattern

Protect sensitive data and provide selective access depending on users, their roles, and their entitlements

Application-level encryption can be policy-based and geared to specific data protection mandates such as PCI DSS. It can provide targeted protection that is invoked only when necessary. Application level protection can be tightly managed and supervised with dual controls and other layers of procedural protection that, taken together, support compliance reporting obligations.

Challenges

Protecting Keys

Attackers can use development tools, intended for tasks such as application monitoring or debugging, to gain access to encryption keys or simply to turn off application encryption, unlocking information within the application.

Using Pre-certified Cryptographic Implementations

Developers adding encryption to applications are often tempted to implement complex cryptographic algorithms themselves. As this practice can introduce unnecessary security flaws, it’s always best to use pre-certified cryptographic implementations for application-level encryption.

Managing Keys

While adding application level encryption to application code has its challenges, these can be minor when compared to the issue of key management. Because inadequate key management can result in stolen or unusable information, developers need to decide whether to include native key management functionality or rely on external key management systems.

Solutions

Delivering Data Protection

Products and services from Entrust can help you deploy application-level encryption and data protection for your most sensitive applications. With the flexibility to handle a broad spectrum of applications, from fully automated, high-volume applications to tightly supervised, low-volume, but nevertheless highly sensitive applications, Entrust nShield HSM application encryption solutions deliver data protection and operational efficiency.

Creating a Trusted Platform for Cryptographic Processing

Entrust nShield hardware security modules (HSMs) create a trusted platform where cryptographic processes can be performed safely and where key material can be protected and managed securely. This trusted layer overcomes the risks inherent in open system software environments in which applications typically execute.

Enabling Control and Agility

With Entrust nShield HSMs, developers and organizations have the best of all possible worlds—the ability to take advantage of proven and pre-certified cryptographic libraries, use native cryptographic offload and acceleration capabilities, and exploit of a wide range of key management tools to deliver a high degree of control and flexibility.

Benefits

Robust Security

Provide high levels of assurance for cryptographic operations through the use of tamper-resistant hardware. Physically protect higher-level application processes through the unique CodeSafe functionality that enables one to execute sensitive code within the secure execution environment inside the HSM.

Operational Flexibility

Secure a broad range of applications by mapping diverse security policies and processes to a flexible and hardened data protection platform. Accelerate implementation of projects through Entrust nShield HSM partnerships with leading vendors, delivering HSMs that are pre-certified to work with a wide range of applications and development platforms.

High Performance

Take advantage of hardware-based cryptography and maintaining high levels of application performance by offloading cryptographic processes onto the HSM. Simplify compliance reporting through streamlined policy definition to improved auditability of business processes.

Resources

Research and Whitepapers: Security World White Paper

The Entrust nShield Security World architecture supports a specialized key management framework that spans the entire nShield family of general purpose hardware security modules (HSMs). Whether deploying high performance, shareable, network-attached HSM appliances, host-embedded HSM cards or USB-attached portable HSMs, the Security World architecture provides a unified administrator and user experience and guaranteed interoperability whether the customer deploys one or hundreds of devices.

nShield Security World White Paper

Research and Whitepapers: CodeSafe

This white paper describes the unique nShield CodeSafe capability, which enables application code to run within the protected confines of a tamper-resistant nShield Hardware Security Module (HSM). CodeSafe enables users to develop application code to run inside the HSM, providing protection against Advanced Persistent Threats (APTs) as well as insider attacks and hacking. The paper describes the associated toolkit, bundled utilities, and management, and additionally details multiple usage examples where CodeSafe provides high value.

CodeSafe White Paper

Related Products

Image
nshield connect image
HSM

nShield Connect


Enhance security with nShield Connect HSMs - certified, networked appliances providing cryptographic key services across servers and virtual machines.
Image
promo shield solo image
HSM

nShield Solo


nShield Solo HSMs are PCI-Express card-based solutions that deliver cryptographic key services to applications hosted on individual servers and appliances.
Image
HSM nShield Edge product image
HSM

nShield Edge


nShield Edge hardware security modules (HSMs) are portable USB-connected HSMs that provide cryptographic key services for low-volume transaction environments.
HSM

CodeSafe


CodeSafe software developer toolkit provides the capability to create and execute applications within the perimeter of a FIPS 140-2 Level 3 certified nShield HSM.