Thales HSM Integration Enables Out-of-the-Box FIPS Compliance for Imprivata OneSign® Customers

RSA Conference, San Francisco, CA – February 14, 2011 – Thales, leader in information systems and communications security and Imprivata, the #1 independent single sign-on and access management provider, announce that Thales nShield Solo hardware security modules (HSMs) have been integrated into Imprivata OneSign. Imprivata customers that have a requirement to follow high security best practices in the area of encryption and key management now have a one-stop solution to meet their needs.

Designed to protect cryptographic keys and sensitive data in secure hardware, Thales nShield Solo is a tamper-resistant hardware module that is validated to the FIPS 140-2 standard. As a result of this new partnership the Thales nShield HSM is available as an embedded option for customers purchasing the Imprivata OneSign appliance, delivering the highest level of cryptographic security in the market.

“Imprivata has established itself as a leader in the authentication and access management market with an impressive customer base in highly regulated industries such as healthcare, finance and state and local government; markets where the Thales HSM cryptographic solution is particularly valuable,” Says Cynthia Provin, President, Thales e-Security Inc. “We are delighted to play a role in helping Imprivata’s customers demonstrate FIPS-140 compliance around password security and user access requirements and deliver best practice cryptographic security.” 

Thales nShield Solo HSMs provide enhanced security to the Imprivata OneSign solution in two important areas. Firstly they protect the SSL/TLS keys used to secure communications to and from the appliance which includes the exchange of authentication credentials with end-users, the sharing of system information between appliances within a cluster and management interfaces with administrators. Secondly the embedded Thales HSM encrypts the internal database of passwords and credentials that are cached on behalf of the user to provide access to the target applications. Together the HSM is used to guard against eavesdropping and physical attacks on the OneSign appliance.

“Thales nShield Solo HSMs provides Imprivata OneSign with a complete system for managing keys that allow our customers to meet FIPS 140-2 compliance for cryptographic security,” says Ed Gaudet, Chief Marketing Officer at Imprivata. “We were able to quickly integrate the Thales hardware into our OneSign appliance and provide a level of cryptographic security that is unmatched by other single sign-on and authentication vendors.”

Visit both Thales (booth #2023) and Imprivata (booth #2520) at the RSA Conference, Moscone Center, San Francisco, February 14-18, 2011

For industry issues and comment visit the digital media centre www.keymanagementinsights.com