Today’s businesses are focused on leveraging data at scale to fuel AI innovation and enhance business outcomes. However, as cloud adoption accelerates and organizations increasingly migrate workloads from traditional on-premises setups to hybrid or cloud environments, they have stringent security and compliance needs, particularly to protect sensitive and regulated data in a public cloud. Letting confidential data fall into the wrong hands is not an option, which is why cloud security has become critical. But it’s not just about protecting the infrastructure; it’s about controlling the encryption and the cryptographic keys that safeguard your data.
How CipherTrust Database Protection strengthens cloud security for Teradata VantageCloud Lake
Thales, Teradata’s strategic global security partner, has developed a powerful solution tailored specifically for VantageCloud Lake to enable businesses to control their data security -- CipherTrust Database Protection (CDP) for Teradata VantageCloud Lake -- which is scheduled to launch in Q4 2024.
CDP is a purpose-built encryption designed to protect data on VantageCloud Lake. The solution is based on the shared responsibility model of cloud security, leveraging the principles of Bring Your Own Encryption (BYOE). It allows Teradata’s customers to maintain full sovereignty over their data encryption keys while leveraging infrastructure from global cloud providers like AWS, Google Cloud, and Azure.
How does the solution work?
The Thales CDP for Teradata VantageCloud Lake includes several core components:
- Encryption: This provides encryption at the database column level, protecting sensitive data fields, in line with compliance mandates.
- Tokenization: This technique replaces sensitive data with non-sensitive placeholders or tokens, reducing the exposure of the original data.
- Dynamic data masking: Ensures that only authorized users can see data in its plain form. Others could receive the data showing in a masked format, e.g., the last four digits only, or not receive the data at all.
- External key management: This allows for secure management of encryption keys outside of the cloud environment, enhancing security and control over access to encrypted data, and enabling compliance with data sovereignty requirements.
- CipherTrust Manager and Luna Hardware Security Modules: CDP for VantageCloud Lake works with Thales CipherTrust Manager for cryptographic operations and lifecycle management of encryption keys. CipherTrust Manager also offers the option to generate and store these keys in the Thales Luna Hardware Security Module (HSM), providing a secure hardware-based root-of-trust.
Meeting your critical security needs in the cloud
The integration of Thales encryption and key management capabilities into the VantageCloud Lake platform helps Teradata customers solve several cloud security needs including:
- Data security: Encryption ensures that sensitive data remains protected, whether at rest, in transit, or in use, mitigating risks of unauthorized access and data breaches.
- Data sovereignty: For global entities navigating a maze of data residency and sovereignty requirements, CDP for VantageCloud Lake helps them maintain independent control over encryption keys, seeing that data is only accessible in jurisdictions where it is legally permitted.
- Controlling operator access: With growing concerns over internal threats and operator misuse, CDP for VantageCloud Lake ensures that only authorized people are able to access encrypted data, dramatically cutting the risk of insider threats.
- Operational resilience: Encrypted data and secure key management allow critical business operations to continue without compromising sensitive data in the unfortunate event of a cyberattack or data breach.
- Compliance: Thales’ CDP for VantageCloud Lake solution is also designed to help businesses comply with key global security frameworks, such as GDPR, PCI DSS 4.0, NIS2, and the Digital Operational Resilience Act (DORA). With governments and regulatory bodies imposing increasingly stringent rules on data protection and cybersecurity, entities must demonstrate that they can secure sensitive data and provide detailed audit trails and encryption mechanisms to prove compliance requirements.
The power of Teradata and Thales
The collaboration between Teradata and Thales brings a comprehensive solution for both current Teradata customers transitioning to the cloud and new customers who are looking for modern analytics and AI capabilities with enhanced security.
This partnership equips enterprises with the tools they need to move their workloads to the cloud securely, comply with stringent regulatory mandates, and keep total control over their encryption keys.
Enhanced and heightened security for future cloud migrations
Maintaining data security remains crucial as businesses migrate data to cloud environments. The new CDP for Teradata VantageCloud Lake solution from Thales solves key security goals of customers such as encryption, key management, data sovereignty, and compliance. It’s a comprehensive and customizable security layer for VantageCloud Lake. With the Q4 2024 release of the Teradata & Thales solution, enterprises can ensure that security, compliance, and operational resilience are never compromised.
For more information about our partnership with Thales, please contact Paul Foucher at paul.foucher@teradata.com.