Vormetric Application Encryption

With Vormetric Application Encryption, you can encrypt specific files or columns in databases, big data nodes, and platform-as-a-service (PaaS) environments. The application encryption solution features a set of documented, standards-based APIs that can be used to perform cryptographic and key management operations. Vormetric Application Encryption eliminates the time, complexity, and risk of developing and implementing an in-house encryption and key management solution.



  • Streamline Encryption Implementations. The application encryption solution simplifies the process of adding encryption to applications. Developers use Java, .NET, or C libraries to facilitate communication between applications and encryption agents
  • Secure Cloud and Big Data Environments. With the application encryption solution, you can encrypt specific fields at the application layer, securing sensitive data before it is stored in database, big data, or cloud environments.
  • Establish Strong Controls. Gain controls you need to stop malicious DBAs, cloud administrators, hackers, and authorities with subpoenas from gaining unauthorized access to valuable data.



  • Centralized Key and Policy Management. Vormetric Application Encryption enables centralized control of application-layer encryption and file system encryption. With the application encryption solution, all policy and key management is done through the Vormetric Data Security Manager. As a result, the solution simplifies the data security operations environment, reducing the number of management consoles that administrators have to learn and maintain.
  • Flexible Implementation Options. The application encryption solution enables developers to use NIST standard solutions for both Advanced Encryption Standard (AES) and format preserving encryption (FPE), which enables organizations to implement encryption without changing the database schema. Vormetric Application Encryption features a library that implements a subset of the PKCS#11 APIs.
  • Scalable Batch Data Transformation Utility. Vormetric Application Encryption customers can also order the Batch Data Transformation utility from Thales e-Security. By leveraging Batch Data Transformation, your organization can encrypt large data sets without lengthy maintenance windows and downtime—and without changing applications, networking configurations, or storage architectures.




Supported environments: Microsoft .NET 2.0 and higher, Java 7 and 8, C


Integration standard: OASIS PKCS#11 APIs


Encryption: AES, Format Preserving Encryption (FF1)


Operating systems: Linux, Windows 2008 and 2012


Performance: 400,000 credit card size encryption transactions per second (e.g. single thread, 32 core, 16GB, C)


Policy and key administration: Vormetric Data Security Manager


Character support: ASCII, Unicode


Certification: FIPS 140-2 Level 1—in progress



Original: https://www.thalesesecurity.ru/products/data-encryption/vormetric-application-encryption