Thales UK Ltd

Data In Motion Encryption

Thales Data in Motion Encryption solutions offer flexible, vendor-agnostic network connectivity. They support a range of security objectives and network environments, adaptable to evolving requirements. The HSE product range supports Encryption network speeds up to 100Gbps, and platforms range from single to multi-port appliances, available in hardware and virtual solutions.

Features

• Supports point-to-point, point-to-multipoint, multipoint-to-multipoint network topologies
• Concurrent policy-based, multi-layer encryption (layers 2, 3 and 4)
• Up to 15 Gbps throughput performance (subject to hosting environment)
• Adds very low network overhead
• 500+ network connections
• Extensive virtual-hosting environment range KVM/QEMU, VMware, ESXi, VirtualBox
• Symmetric cryptography: AES-128, AES-256, CFB, CTR, GCM modes
• Asymmetric cryptography: ECC-512, RSA-2048
• Support for quantum resistant algorithms
• Support for custom cryptography

Benefits

• Enables a virtualised encryption solution
• Does not compromise on security or network/application performance
• Instant scalability matches scale and flexibility of Software Defined Networks
• No requirement to deploy large numbers of hardware encryption devices
• Delivers up to 30% network performance benefit over other solutions
• Ease of deployment with centralised, ‘zero-touch’ provisioning
• 100% interoperability with Senetas hardware and cloud encryptors already installed
• Provides flexible, cost-effective way to encrypt to the virtual edge
• Encryption services on demand ability reduces capital and operational expenditure
• Provides network-agnostic end-to-end encryption

£4,696 an instance

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at fcmo@uk.thalesgroup.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

761135992461649

Contact

Phaedra Warnes
07974 011385
fcmo@uk.thalesgroup.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: CV1000 Hosting Platform options:; • KVM - (IvyBridge/Haswell/Broadwell/Westmere, Skylake); • VMware / Virtual Box - (IvyBridge/Haswell/Broadwell/Westmere, Skylake); • Native VMware OS - (IvyBridge/Haswell/Broadwell/Westmere, Skylake); • AWS
• System requirements:
  • Support for Debian 11 (Bullseye)
  • 3 x CPU, 2GB RAM, 2GB virtual disk storage
  • Preferably, support for Intel DPDK library
  • Virtual hosting environments supported: KVM/QEMU, VMware, ESXi, VirtualBox

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: The Thales Standard Support Package provides your organization with the technical support services you may need for a non-critical, development or test environment. It allows you access to our team of Technical Support Engineers, who will endeavour to answer any questions you may have about installing, configuring and maintaining your Thales products. Initial response within 8 business hours and access to Thales Support Portal and knowledge base
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: Thales offer one support level, this is included in the monthly charge. It allows access to our team of Technical Support Engineers, who will endeavour to answer any questions you may have about installing, configuring and maintaining your Thales products. initial response is provided within 8 business hours.; The support also includes access to Thales Support Portal and knowledge base.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We can provide on-site or online training with full user documentation
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Data is destroyed by Thales under GDPR Guidelines
• End-of-contract process: The service is terminated.

Using the service

• Web browser interface: No
• Application to install: Yes
• Compatible operating systems:
  • Linux or Unix
  • Windows
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: RESTful JSON interface; A RESTful HTTP(s) interface is provided for the purposes of remote monitoring and issue detection.; The RESTful interface leverages the existing SNMP MIB interface, providing the ability to walk the SNMP MIB from any existing OID using its textual representation within a URL parameter.; The RESTful interface access is controlled via the user console access rights, that is, the user must be authorized.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Custom elliptic curves, custom AES substitution boxes, custom encryption algorithms

Scaling

• Independence of resources: All customer devices are isolated so this is not a service that is affected by other users.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Senetas-CV1000 Virtual. CN-series and cloud-based encryptors, SureDrop data-at-rest encryption

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: Never
• Protecting data at rest: Other
• Other data at rest protection approach: Data at rest does not need to be protected by this service as this is a ‘Data in Motion’ product. No user data is stored.
• Data sanitisation process: No
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: No Client Data is held within the service
• Data export formats: Other
• Other data export formats:
  • SYSLOG
  • SNMP Traps
  • Proprietary XML
• Data import formats: Other
• Other data import formats: Proprietary XML

Data-in-transit protection

• Data protection between buyer and supplier networks: Other
• Other protection between networks: The product in question is providing the data-in-transit protection. Public algorithms such as AES-256 GCM are used to ensure robust encryption is established to protect customer data.
• Data protection within supplier network: Other
• Other protection within supplier network: Not applicable

Availability and resilience

• Guaranteed availability: This appliance has a typical MTBF of 1.4 million hours. There are no SLAs for this as Data in Motion Encryption is an appliance for a service. The customer is able to purchase maintenance contracts for which there are terms in relation to delivery.
• Approach to resilience: The service fits into existing high availability environments as a bump-in-the-wire service
• Outage reporting: SNMP monitoring, SNMP trap alarms

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Username or password
  • Other
• Other user authentication: Note that User access is only required for management of the systems and not to enable data traffic. Authentication via TACACS+ is possible.
• Access restrictions in management interfaces and support channels: A role-based model is used: administrator, supervisor, operator or maintainer
• Access restriction testing frequency: Never
• Management access authentication: Other
• Description of management access authentication: Management interfaces: SNMPv3 authentication for the GUI (SHA1) , SSH for the remote CLI

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • FIPS 140-2 L3
  • EAL4+ Common Criteria
  • NATO restricted

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Information security policies for this product are customisable to user requirements. The policy will reflect the user environment, the risk appetite of the client and particular constraints around product failure or disposal.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Thales implement a robust change management process with Technical and change approval boards for its product lines. Supporting policy documents can be made available as part of contractual discussions
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Thales Security and DPoD Security operations team monitor infrastructure tools to maintain compliance with polices, updates and detect threats. Thales maintains support with all vendors of its infrastructure, including security advisories. A formal patch management process is implemented within Thales, where ever possible patches are deployed in a timely manner, being validated in dev, staging environments before being pushed into production. However due to the nature of some of our service offerings such as FIPS 140-2 Certified HSMs, some updates release to production for some use cases may be dependent on third party review and audit by NIST
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: As part of the information deployment, monitoring tools are deployed across the environment to detect deviations from standard configurations. This includes WAF, IPS, IDS, proxies and other inspections technologies. If an issue is detected that system can automatically be segregated for further inspection and new baseline deployments brought into production transparently to customers.
• Incident management type: Supplier-defined controls
• Incident management approach: The Thales CSIRT team operate across all product lines within Thales, Thales complies with RFC2350; ; Thales has and will maintain a security incident response plan that includes procedures to be followed in the event of any actual, suspected, or threatened security breach of the personal information. Upon request, Thales shall provide documentation regarding such analysis and remediation.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Wellbeing

  Fighting climate change

  Fighting climate change; Thales UK has a clear focus on fighting climate change. Thales has set itself a target of becoming a Carbon Net Zero company by 2030, powered by cleaner energy used more efficiently at our sites and for our business, with renewable energy supplies.; ; There are several strategies that Thales and our Cyber offerings implement to fight climate change, including:; ; 1) Sustainable future. Thales has put fighting climate change at the centre of its strategy, highlighted by the fact that tackling climate change is one of the 4 Thales strategic pillars. Thales Cyber security and consultancy offerings have enabled companies to develop secure and sustainable products, prevent product recalls, learn digital lessons and reduce rework that go towards meeting their strategic sustainability objectives and tackle climate change.; ; 2) Travel reduction. Thales has introduced a Smart Working model to reduce the travelling required by the workforce. One pillar of this is arranging virtual meetings with Customers, Stakeholders and interested parties. Thales has also deployed numerous tools to enable Thales UK to effectively operate via remote / smart working. It is expected that meetings under G-Cloud could implement this methodology to offer the same benefits to the customer. Running on managed services means efficient use of shared and common infrastructure, allowing sustainable collaboration from existing infrastructure, where organisations or teams may once have had dedicated infrastructure are now allowed to work remotely, securely.; ; 3) Carbon reduction. Thales strives to implement carbon reduction, through a series of targets to reduce carbon emissions annually. Smart working, championed by our Cyber Security Consultants and offerings has been a key enabler of this strategy. Additionally, services enabling secure collaboration mean that businesses do not need to procure additional new hardware, thereby having a positive environmental impact.

  Tackling economic inequality

  For the theme of “Tackling Economic Inequality” Thales’s methodology centres on a number of Sub themes these included: Levelling up, Increasing productivity and Education & Training.; Levelling up - Geographical Challenges; ; Thales is committed to the UK prosperity as a whole and drives economic activity in all parts of the country. In 2020, Thales supported over 25,400 jobs in the economy, driving growth in all four nations of the UK.; Thales works with local government and institutions to provide opportunities for local people and to support redevelopment of deprived parts of the UK. A recent example includes:; Investing in Wales - In partnership with Blaenau Gwent Council, the Welsh Assembly and the University of South Wales, Thales established a £20m National Digital Exploitation Centre in EbbwVale. It’s generating new jobs in high-demand and high-skill areas for a region that has suffered from economic inequality. ; Education and Training; ; Thales is committed to the professional development of the contract workforce and provides access to learning opportunities to ensure employees have knowledge and skills to keep up with the pace of technological change. ; Thales has an established early careers programme that attracts both apprentices and graduates (A&G) from a diverse background. In 2023 we hired 154 A&G colleagues, with a 2025 objective of at least 10% of all new hires to be graduates/apprentices.; Where appropriate due to Security Aspects, Thales will enable A&Gs to work alongside projects teams to learn ‘on the job’ and gain valuable insights beyond academic lessons. ; School STEM Workshops. Careers Fairs & Volunteering; ; Thales has an established partnership with the Smallpeice Trust to deliver STEM and careers workshops to members of underrepresented groups in schools/colleges serving disadvantaged communities. ; ; All employees benefit from 24 hours yearly allowance for volunteering.

  Wellbeing

  Thales considers the health and wellbeing of our people to be fundamental to our success as a business. We have a well-established health and wellbeing (H&W) support provision, which has enabled us to rapidly provide critical support to our employees where and when it is needed most. ; In 2017, Thales signed the Time to Change pledge, publically stating our commitment to changing the way we think and talk about mental health in the workplace. We have trained 200+ of our people in Mental Health First Aid, a network of supporters who can recognise the early signs of mental ill health, listen whilst assessing for crisis, and provide information. ; Help @ Hand; Thales provides every employee & their families access to an Employee Assistance Programme - A 24/7 helpline for in the moment emotional and practical support, or signposting onward resources, such as healthcare or local assistance. ; In 2021 Thales developed a ways of working model to support and equip teams, individuals & people managers with resources and frameworks to promote our hybrid ways of working following the pandemic, the framework will promote a culture of wellbeing and psychological safety for teams to work effectively within the new working culture.; Sustained & continued support; Thales also has a dedicated Employee Relations team to provide specific and tailored interventions. Thales will work alongside Occupational Health, H&W providers and rehab services to establish adjustments and tailored programmes to enable employees to return to work in the manner that is safest for them.; Thales will track and monitor working patterns to ensure that all hours worked are booked in the ERP Systems to actively monitor loading on individuals so that individuals maintain a healthy work/life balance. Any significant deviations from the norm will be raised in sprint planning reviews to inform resource balancing actions.

Pricing

• Price: £4,696 an instance
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: It is a fully-functional version of the product, which can be converted to a paid for version

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at fcmo@uk.thalesgroup.com. Tell them what format you need. It will help if you say what assistive technology you use.