Get in contact with a Data Security Specialist
THALES GLOSSARY
What is Data Encryption?
Encryption transforms sensitive data (e.g., name, address) into an unreadable format known as ciphertext using a mathematical algorithm and a secret key. Encryption can only be reversed by authorized parties who possess the corresponding decryption key. Ciphertext can be a mixture of numbers, characters and symbols and typically requires more storage space than format-preserving tokens.
Enterprise data encryption with centralized control
Whether storing data in a physical data center, private or public cloud, or third‑party storage application, strong encryption and key management are essential to protect sensitive data.
Our CipherTrust Data Security Platform delivers enterprise data encryption for data at rest, in motion, and in use—combining transparent encryption, tokenization, and role‑based access controls across databases, applications, APIs, files, and storage containers. Centralized key management and a hardened root of trust help enterprises protect master keys and keep data secure.
What others are saying
Software Developer in the Software Industry gives CipherTrust Data Security Platform 5/5 Rating in Gartner Peer Insights™ Data Security Platforms Market
Software Developer in the Software Industry gives CipherTrust Data Security Platform 5/5 Rating in Gartner Peer Insights™ Data Security Platforms Market
Software Developer in the Software Industry gives CipherTrust Data Security Platform 5/5 Rating in Gartner Peer Insights™ Data Security Platforms Market
Centrally-managed encryption at every layer and key management
Protect sensitive data everywhere with consistent encryption, centralized control and key management across hybrid environments.
Comply with regulations
Protect PCI, PII and PHI with encryption and key management across all data states.
Reduce breach risk
Protect PCI, PII and PHI at every layer.
Secure data on premises and across clouds
Protect PCI, PII and PHI across hybrid and multi-cloud environments. Eliminate gaps as data moves among platforms.
Protect data before it spreads
Protect PCI, PII and PHI before AI and other systems replicate the data across applications, systems and environments.
Control data sprawl
Discover, classify, protect and analyze sensitive data across your environment.
Enforce access controls
Limit access to PCI, PII and PHI with role-based access controls (RBAC) and centrally-managed policies.
Get Started
Enhance your security posture with enterprise-grade data encryption
Forrester Total Economic Impact of Thales CipherTrust Data Security Platform
Cost Savings and Business Benefits Enabled by the CipherTrust Data Security Platform
Prior to implementing CipherTrust Platform, we struggled with encrypting and tokenizing data spread across such a complex IT landscape, but CipherTrust Platform has made it possible to centralize all encryption and key management across all platforms.”
How organizations prevent data exposure with CipherTrust Data Security Platform
Encrypt enterprise databases without application changes
Protect sensitive data stored in enterprise databases using CipherTrust Transparent Encryption, a data‑at‑rest encryption solution that secures database files without modifying applications or schemas. Maintain performance while protecting regulated and sensitive data.
Secure data exchanged through APIs and services
Protect sensitive data in motion as it flows between applications, services, and microservices using CipherTrust Application Data Protection. Secure API requests and responses without rewriting application code, ensuring encrypted data exchange across modern architectures.
Protect production data copied into non‑production environments
Prevent exposure when production data is copied into development, testing, analytics, or AI training environments. Use CipherTrust Transparent Encryption and CipherTrust Data Masking to protect sensitive data while supporting safe data reuse.
Publish usable datasets without exposing sensitive fields
Enable secure data sharing by removing sensitive information before datasets are distributed. Apply CipherTrust Data Masking and Redaction to permanently mask PII and confidential fields across databases, files, and analytics datasets.
Control access to cleartext data in shared systems
Limit who can view sensitive data in cleartext across enterprise databases and applications. Use CipherTrust Key Management and policy‑based controls to reveal, mask, or encrypt data based on user role, application, or context.
Security that integrates with your technology ecosystem
With one of the industry’s largest cyber security technology ecosystems, Thales solutions integrate with the most widely used technologies to protect and secure access to your mission-critical applications and data.
Explore the CipherTrust Data Security Platform portfolio
CipherTrust Application Data Protection
Application Data Protection empowers developers to easily add application-level protection.
CipherTrust RESTful Data Protection
Simplify data protection and allow developers to call a data protection method without having to manage security themselves.
CipherTrust Data Protection Gateway
Protect RESTful web services and microservices with no change to code, ever.
CipherTrust Transparent Encryption
Secure files, volumes, and linked cloud storage across your environment through data-at-rest encryption.
Related Resources
Encryption helps organizations reduce the impact of ransomware by preventing unauthorized access to sensitive data and limiting the usefulness of stolen information. When combined with centralized key management, access controls, and security monitoring, encryption creates multiple layers of defense that help organizations maintain control of critical data even if systems are compromised.
Encryption converts sensitive information into unreadable ciphertext that can be restored with a cryptographic key. Tokenization replaces sensitive data with non-sensitive tokens, while data masking hides or obscures specific information from users. Organizations often use these technologies together to protect data, reduce compliance scope, and secure sensitive information across applications, databases, and cloud environments.
Organizations can maintain control of encryption keys across multiple cloud providers through centralized key management. This approach allows security teams to enforce consistent policies, manage key lifecycles, support compliance requirements, and reduce dependence on cloud-provider-managed keys. Centralized key management also improves visibility across hybrid and multi-cloud environments.
AI, machine learning, and analytics platforms often process large volumes of sensitive business and customer data. Encryption helps protect that data during storage and processing while supporting privacy regulations and internal security policies. Organizations increasingly use encryption and centralized key management to secure AI training data, analytics environments, and cloud-based data pipelines.
The right encryption approach depends on where sensitive data resides and how it is used. File-level encryption can protect unstructured data, database encryption secures structured information, application-layer encryption protects data before storage, and network encryption safeguards information in transit. Many organizations adopt a layered strategy that combines multiple encryption methods with centralized key management for comprehensive protection.