nShield Connect

Hardware modules of Thales nShield Connect provide the near absolute security level of cryptographic transactions, unlike the software or unprotected hardware not capable to completely exclude a possibility of a compromise of information. The solutions Thales are based on the checked technologies and have a layered design. Hardware modules of protection of Thales nShield Connect provide physical and logical methods of data security provision.

Physical methods of protection

• HSM Thales nShield Connect is the special network device isolating cryptographic processes and encryption keys from applications and operating systems of a host and making them available only via strictly controlled cryptographic interface;
  
• The body of the module Thales nShield Connect has the highest level of reliability thanks to the special construction excluding cracking and also use of technology of epoxy sealing for protection of the internal schemes and special tags of a security system exposing attempts of unauthorized access to the module;
  
• The additional opportunity implemented by means of CodeSafe technology: movement of the parts of an application code which are especially needing protection from a host server in the so-called "sandbox" (the application for safe data storage) in the equipment which is physically protected by HSM;
  
• Condition monitoring of the external environment, including integrity of the body, power supplies and temperature for detection of threats of attack;
  
• Strict authentication of computers of the users having access to shares of Thales nShield Connect.
  

Logical methods of protection

• All administrators and users who get access to HSM Thales nShield Connect undergo the individual procedure of strict authentication by means of the smart cards managed directly by the module. There is no more need to rely on unreliable passwords which are often used by a group of persons and are applied in several applications;
  
• Clear split of duties of administrators and security officers in Thales nShield Connect considerably increases the level of security of keys unlike software tools of data protection where users with the special access level (the supervisor or the administrator) have the expanded rights, including, and concerning access to passwords;
  
• The double control implemented in Thales nShield Connect requires joint work and, moreover, quorum of several administrators and operators, for example, for accomplishment of critical transactions, such as recovery of a master key of enciphering. The method of mutual control minimizes threat of appearance of insiders. In nShield Connect this method is easily configured and allows to implement close to absolute the system of protection;
  
• The possibility of strict integrity checking of data and gain of policy for the applications which are in addition protected by means of CodeSafe technology is optionally provided.
  

Advantages of Thales nShield Connect

In the past of a security system of the high level were bulky that had an adverse effect on convenience of their use, cost and performance. Administrators had to look for balance between security on the one hand and efficiency with another. HSM of the Thales nShield family combine close to absolute a security system and high performance, providing at the same time convenience of management of key processes.

• Automatic safe key management of enciphering and creation of their backup copies considerably simplify integration of the modules HSM and make their use in business processes considerably easier more well;
  
• Various standard applied interfaces (API) for a broad spectrum of software products and serious preliminary testing for compatibility with the most popular applications minimize risks at security system deployment;
  
• Mechanisms of cryptographic acceleration reduce load of client computers and increase the overall performance and efficiency of systems;
  
• The lack of restrictions on a total quantity of encryption keys expands system scaling options;
  
• Backup eliminates need of preserving of twirls of enciphering for the allocated hardware or expensive specialized HSM;
  
• The protected body is completed with the unique double system of power supply and standby system of cooling with a possibility of hot swap directly in the course of work;
  
• An opportunity to integrate the modules HSM both on separate servers, and within a server group, allows to create the most failsafe systems with a possibility of balancing of loading;
  
• Remote access allows security officers and administrators to execute the duties in the safe mode, reducing risks and operating costs of a system;
  
• In the module Thales nShield remote synchronization of the applications protected by CodeSafe technology (optionally) is also implemented.