Ensuring Data Sovereignty and Security Compliance with Thales and Zerto - Zerto
Blog keyboard_arrow_down keyboard_arrow_up

Ensuring Data Sovereignty and Security Compliance with Thales and Zerto

January 4, 2024
Continuous Data Protection
Disaster Recovery
Migration & Data Mobility
Ransomware Recovery
Est. Reading Time: 2 minutes

The need to protect sensitive data has never been greater. Organizations continue to migrate to virtual data centers and cloud environments while dealing with the persistent threat of data breaches. Regulatory demands, such as PCI/DSS, HIPAA/HITECH, GDPR, GLBA, and SOX, will continue to proliferate.

Thales, with its CipherTrust Data Security Platform and Luna Hardware Security Modules (HSMs), partners with HPE and Zerto, a Hewlett Packard Enterprise company, to provide enterprise data protection solutions for HPE GreenLake customers, with centralized key management and encryption for on-premises, at the edge, cloud, and hybrid environments.

For more than 25 years, Thales has been the market leader with innovative, high-assurance, FIPS 140-2 Level-3 validated Luna Hardware Security Modules (HSMs) to meet evolving risk and compliance needs. Governments and the most trusted brands in the world rely on Luna HSMs as their foundation of digital trust, to accelerate cryptographic processing; protect cryptographic keys associated with PKI, data base encryption, code signing, SSL, and cloud; and support secure manufacturing, where confidentiality, integrity, and availability are paramount, in any environment, including hybrid and multi-cloud. Thales Luna HSMs are purposefully designed to provide a balance of security and usability that makes them an ideal choice for enterprise, financial, and government organizations.

Zerto empowers customers to run an always-on business by simplifying the protection, recovery, and mobility of on-premises and cloud applications. Zerto eliminates the risk and complexity of modernization and cloud adoption across private, public, and hybrid deployments.

The simple, software-only disaster recovery and migration solution uses continuous data protection (CDP) at scale to solve for ransomware resilience, disaster recovery, and multi-cloud mobility.

Security Harden Your Zerto Deployment with Thales Luna HSM

The Zerto Virtual Manager (ZVM) leverages Keycloak, an open-source identity and access management solution. As such, users run a risk of signing keys being compromised. That is why it is best to manage Keycloak realm signing keys on Thales Luna HSM.

The Zerto Keycloak realm signing key is used to sign the access token and XML documents between the authentication server and the application. Using a Luna HSM to generate the realm signing keys for Keycloak provides the following benefits:

  • Secure generation, storage, and protection of the private keys on FIPS 140-2 Level-3 validated hardware
  • Full lifecycle management of the keys
  • Access to the HSM audit trail
  • Significant performance improvements by offloading cryptographic operations from the signing servers

It is important to keep the keys to your kingdom safe, especially when those keys safeguard the very essence of your disaster recovery and multi-cloud mobility tool.

Get started with both solutions:

Check out the integration guide for Thales Luna HSM and Keycloak.

Need a place test out deploying this first? Check out HPE Customer Innovation Center (CIC) Geneva to arrange a demo.

Anthony Dutra

Anthony Dutra is a Technical Marketing Manager (TME) at Zerto, a Hewlett Packard Company who specializes in solution architecture, designing microservices in the public cloud, and developing web3 (blockchain) applications. For the past decade, Anthony has leveraged his Master’s in IT Management to become a trusted technical partner with organizations seeking to modernize their data center or migrate to the cloud.