Gemalto SafeNet KeySecure

Centralized Cryptographic Key Management

SafeNet KeySecure from Gemalto is the industry’s leading centralized key management platform, and is available as a hardware appliance or hardened virtual security appliance. By utilizing SafeNet KeySecure, organizations benefit from its flexible options for secure and centralized key management – deployed in physical, virtualized infrastructure, and public cloud environments. Only Gemalto can deliver key management appliances across FIPS-validated hardware or a virtual appliance with a hardware root of trust using SafeNet Hardware Security Modules or Amazon Cloud HSM service.

SafeNet Payment HSM adheres to all of the standards, which include

With SafeNet KeySecure, your organization can lower costs and scale key management that is quickly deployed for high-availability across physical, virtualized infrastructure, and service provider environments. Here are a few ways that SafeNet KeySecure is combined with our portfolio of encryptors to pair reliable encryption at the appropriate level and best-in-class key management.

Virtual Machine-Level Encryption

SafeNet KeySecure + SafeNet ProtectV encryptor

  • Complete encryption of virtual machine instances and storage volumes. No unencrypted data is written to disk
  • Supports AWS Marketplace and VMware environments
  • Pre-boot authentication ensures only authorized users can access information
  • Granular access controls so unauthorized users and processes cannot access the encrypted data, meeting compliance mandates

Application-Level Encryption

SafeNet KeySecure + SafeNet ProtectFile encryptor

  • Centralized key and policy management to meet compliance mandates
  • Performs transparent encryption of server data at rest without disruption to business operations or application performance
  • Granular access controls so unauthorized users and processes cannot access the encrypted data
  • Can be deployed on network shares, file servers, web servers, application servers, database servers, or other machines running Linux compatible software

Application-Level Encryption

SafeNet KeySecure + SafeNet ProtectApp encryptor

  • Centralizes administration of application encryption policy and keys
  • Protects sensitive applications in a multi-vendor infrastructure in the data center and the cloud
  • Ensures integrity and authenticity of data through digital signing and verification
  • Only authorized users can access application data

Tokenization for Sensitive Data

SafeNet KeySecure + SafeNet Tokenization encryptor

  • Tokenization replaces sensitive data (credit cards, social security numbers, etc.) with a surrogate value – a token. The sensitive data is encrypted and stored in a safe repository while the token is processed throughout the organization
  • Single, centralized interface for logging, auditing, and reporting access to protected data, keys, and tokens
  • Systems with tokens are taken out of the scope of compliance audits, such as PCI DSS
  • Format-preserving, transparent data protection for a wide variety of data types

Transparent Database Encryption

SafeNet KeySecure + SafeNet ProtectDB encryptor

  • Application-transparent, column-level database encryption across multi-vendor database management systems in the datacenter and in the cloud
  • Centralized policy control of data access with granular restriction options and regular key rotation
  • Segregate data within a database and meet compliance mandates

Highlighted Key Management Features

  • Heterogeneous Key Management:

    Manages keys for a variety of encryption products including databases, file servers, tokenization and applications through Crypto Pack and self-encrypting drives, tape archives, Storage Area Networks, virtual workloads, and a growing list of vendors supporting the OASIS Key Management Interoperability Protocol (KMIP) standard.

  • Next-Generation Solution for NetApp Storage:

    The official upgrade for existing NetApp DataFort Encryption Appliance and NetApp Storage Encryption deployed with the NetApp Lifetime Key Manager.

  • Format Preserving Encryption (FPE):

    Securely encrypts structured data such as credit cards or social security numbers.

  • Full Lifecycle Key Support and Automated Operations:

    Simplifies the management of encryption keys across the entire lifecycle including secure key generation, storage and backup, key distribution and key deactivation and deletion. SafeNet KeySecure makes automated, policy driven operations easy for tasks such as key expiry and key rotation.

  • High-Availability and Intelligent Key Sharing:

    Deploys in flexible high-availability configurations within an operations center and across geographically dispersed centers or service provider environments using an active-active mode of clustering.

  • Multiple Key Types:

    Centrally manages symmetric, asymmetric, secret data, and X.509 certificates along with their associated policies.

  • Centralized Administration of Granular Access, Authorization Controls and Separation of Duties:

    Management console unifies key management operations across multiple encryption deployments and products while ensuring administrators are restricted to roles defined for their scope of responsibilities.

  • Auditing and Logging:

    Centralized management includes detailed logging and audit tracking of all key state changes, administrator access and policy changes. Audit trails are securely stored and signed for non-repudiation and can be consumed by leading 3rd party SIEM tools.

  • Infield Software Updates:

    Ensures easy installation of new features, core software updates and security patches. Additionally, you can run older appliances in a cluster with new appliances.

Additional Information

Hardware Specifications:
Height | 1.7 in | 1.7 in | 1.7 in
Width | 17.1 in without rack mounting brackets, 18.9 in with brackets | 17.1 in without rack mounting brackets, 18.9 in with brackets | 17.1 in without rack mounting brackets, 18.9 in with brackets
Depth | 27.4 in – includes handles and locking bezel | 27.4 in – includes handles and locking bezel | 10.6 in
Weight | 42.5 lbs | 42.5 lbs | 11.0 lbs
Processor | Intel Xeon E5-2420 1.9 GHz, 15M cache | Intel Xeon E5-2420 1.9 GHz, 15M cache | Intel Atom D525
Serial Port | Standard RS232 male DB9, pin out | Standard RS232 male DB9, pin out | Standard RS232 male DB9, pin out
Network Interfaces (Back Panel) | 2 x 10/100/1000 Mbps Ethernet ports | 2 x 10/100/1000 Mbps Ethernet ports | 2 x 10/100/1000 Mbps Ethernet ports
PED Port (Back Panel) | The PED port is used to connect the PIN entry device (PED) to the SafeNet KeySecure. | N/A | N/A
Hard Drive | Two (2) x 500 GB 7.2K RPM SATA 2.5" | Two (2) x 500 GB 7.2K RPM SATA 2.5" | One (1) x 1 TB 7.2K RPM SATA 3.5"
Power Supply (Back Panel) | Two (2) x 350 2W Redundant | Two (2) x 350 2W Redundant | 60W
USB Ports | 3 | 3 | 2
Input Power Range | 100-240 VAC (4.8 A - 2.4 A) | 100-240 VAC (4.8 A - 2.4 A) | 100-240 VAC (0.69 A - 0.29 A)
Operating Ambient Temperature | 10°C to 35°C (50°F to 95°F) | 10°C to 35°C (50°F to 95°F) | 0°C to 40°C (32°F to 104°F)