F5 BIG-IP support for Thales hardware security modules offers customers highest levels of security and reduces risk
Thales, leader in information systems and communications security announces F5’s support for Thales nShield hardware security modules (HSMs) through F5 Synthesis’ High Performance Services Fabric. F5’s support for the Thales nShield hardware security module, within the BIG-IP Application Delivery Controller (ADC), offers security-conscious customers an additional layer of security for their SSL keys to comply with corporate security requirements and government mandates as they encrypt their network and application traffic.
Any device handling SSL encrypted traffic is a point of risk within a network infrastructure, representing a target for hackers and cyber-criminals. Customers are therefore looking for solutions that provide high levels of protection for the cryptographic keys that are stored within each device.
Thales nShield HSMs provide certified tamper-resistant cryptographic key generation and management and integrate seamlessly with F5 BIG-IP ADC. By ensuring the cryptographic keys and certificates are used only for their authorized purposes, operational risk is reduced. The robust key management, storage and redundancy features offered by nShield guarantee availability of critical keys, and increase the service velocity to support the increasingly demanding transaction rates of the BIG-IP ADC.
Deploying a Thales nShield HSM with an F5 BIG-IP ADC delivers the following benefits:
- Strong isolation of key material and crypto processes from host environment
- Anti-tamper techniques for physical protection
- Strong authentication for administrators
- Strongly segregated administration domains
- Strongly enforced dual controls for mutual supervision
- High integrity random number generation
- Processing offload to boost capacity
- SSL performance and intelligence
Siva Mandalam, Senior Director, Product Management, F5 Networks says: “Organizations looking to deploy applications in the cloud are often impeded by corporate requirements around security, compliance and performance. With the F5 Synthesis architecture, application services can be deployed in cloud environments and managed centrally alongside services deployed in the data center, enabling consistent deployment and enforcement of the policies governing security and performance. F5’s support for the Thales nShield HSMs provides the highest level of physical protection for cryptographic keys, enabling organizations to establish and prove compliance with the latest government legislation and security frameworks.”
Richard Moulds, Vice President Strategy, Thales e-Security says: “As organizations increasingly rely on cryptography as part of their data protection strategy and to protect their application delivery systems, the trustworthiness of these crypto systems becomes paramount. This is particularly relevant in light of recent concerns over back doors, poorly implemented crypto systems, out of date algorithms, weak key management systems and the increasing burdens arising from privacy mandates. F5 BIG-IP products have leveraged Thales hardware security and key management technology for many years. This latest integration with F5’s Synthesis High Performance Services Fabric allows F5 customers to take advantage of best-in-class cryptographic hardware protection and key management, adding a further layer of security and reducing their operational risk.”
Visit Thales at booth #909 South Expo, RSA Conference, Moscone Center, San Francisco, February 24-28, 2014
See demonstrations of Thales keyAuthority in the OASIS KMIP interoperability showcase booth #1909 South Expo.