Thales CipherTrust Database Protection

CipherTrust Database Protection (CDP) is a database security solution that provides column-level encryption for sensitive data within databases. The product operates without requiring modifications to application code or database logic, enabling organizations to protect structured data through transparent encryption mechanisms. CDP supports multiple encryption methods including AES and Format-Preserving Encryption (FPE). Organizations can choose between local encryption on the database server or remote encryption within CipherTrust Manager, where encryption keys remain in a secure enclave. The solution provides FIPS 140-2 Level 3 certified key management through CipherTrust Manager. The product includes data masking capabilities with both static and dynamic masking options. Static data masking conceals data that does not require access, while dynamic data masking applies visibility rules based on user roles and privileges. Five different data masking options are available to control what unauthorized users, including database administrators, can view. CDP enables separation of duties where developers and applications execute standard SQL queries while encryption is handled transparently. Data security administrators control encryption policies, cipher selection, and access permissions through centralized management. The solution supports live key rotation and cipher updates without requiring downtime or application retesting. The product maintains consistent performance across on-premises, hybrid, and multi-cloud database environments. Setup for column-level protection can be completed in under five minutes by identifying the column to protect and configuring data protection parameters according to organizational security policies.