As an IT or security pro, you’ve likely encountered this situation. You spend scarce budget resources and significant energy onboarding a business-critical security product. Just when you have things ironed out, the vendor throws you a curveball. They announce end-of-life or EOL.
Yes, your vendor is offering a “next-generation” platform as a replacement, but you have questions:
- How much work is migrating going to take?
- How much is this going to cost?
- How will I train my team?
- Is this upgrade/migration really as easy as the vendor claims?
The end of an era for Vormetric
On April 16, 2021, Thales officially announced the end-of-life of the Vormetric Data Security Platform (DSP). As a result, affected customers have until June 2024 to take action: migrate to CipherTrust or consider alternatives.
The end-of-life announcement has come as a shock to many who depend on Vormetric data security to protect their data “crown jewels”. But product end-of-life is a reality we commonly face in technology.
For Thales, the product portfolio was ripe for a re-architecture. After becoming a data security powerhouse through their acquisitions of both leaders in the space (Vormetric and Gemalto), it makes perfect engineering sense to take the pieces of those portfolios and harmonize the overlapping products. This new platform, CipherTrust, is really the best of the entire portfolio all wrapped into a new, modern, next-generation data security platform.
For all the promise this brings, however, customers are still wrestling with a choice: do I make this jump from Vormetric to CipherTrust?
Do I stay or do I go?
Not an easy question to answer, we know. You have a lot to think about and consider as you prepare for this migration. Adding to the challenge is the fact that you do not have much time. Three years can breeze by faster than you think.
Especially when you are dealing with the planning and forethought required to protect your business’s most critical asset: your encrypted data.
Planning ahead is your greatest key to success
To help Vormetric organizations prepare for this transition, we have distilled down all of the deciding factors for a CipherTrust migration into five areas. These five considerations should provoke you and your team to start thinking today about what this Vormetric DSM end-of-life will mean for your business and maintaining your data security objectives. You’ll also learn how our Sidechain HealthCheck™ for Vormetric can assist in this process of getting your organization ready for migration.
What to consider when considering CipherTrust
1. This won’t be easy, so plan accordingly
Be under no illusion, migrating away from your Vormetric implementation and on to CipherTrust is not going to be easy.
If performing a DSM upgrade is like refueling a jet mid-flight, migrating to CipherTrust Manager (CM) is replacing all four engines and upgrading the infotainment system all without bringing the plane down.
It’s not, with the right expectations and the right plan.
Migrating to CM starts with a plan. Start by performing a gap analysis noting everything you use with Vormetric today. Then determine how you’re going to use those same integrations within the CipherTrust ecosystem of products and capabilities. Once you establish what capabilities you need to replicate with CM, you can define the how:
- How will we migrate our data and keys to CM?
- How will we replicate our policies, user sets, process sets, and other objects?
- How will we migrate our hosts?
- How will we achieve high availability in our target CM configuration?
- How long will the migration take?
- How much downtime and system disruption will this require?
- How much will this cost me?
If you are using Vormetric products beyond Vormetric Transparent Encryption, like Cloud Key Management (CCKM), Vormetric Application Encryption (VAE), or Vormetric Tokenization Server (VTS), you’ll need to develop a migration plan for those products as well.
2. CipherTrust Manager: powerful, but different from the DSM
Customers may optimistically hope that CipherTrust is just a “next-generation DSM” but in reality, Thales is offering much more. This is a new product with new management interfaces, new commands, new UI, and ultimately, a new model for managing data security, encryption, and key management.
Many of the foundational concepts do remain: hosts, VTE policies, guardpoints, transparent encryption, etc. These baselines will bring comfort to the migration to CipherTrust as they are where Vormetric customers will spend most of their time. But CM also brings new features including:
- The ability to manage many previously separated products from a single interface
- A new CLI for managing functionality at the command line
- A new API for robust automation
- A new browser-based GUI
- New administrator management capabilities
- Granular key management
When considering your migration to CipherTrust Manager, bear in mind that you’ll be working with what is, essentially, a new product. Your staff will need adequate training, even if they have used Vormetric for some time.
3. Your Vormetric assets will need to change
Most of the clients we work with, supporting their Vormetric efforts, have invested in runbooks, standard operating procedure (SOP) documents, and other architecture/design documents. These will all need to be updated, revised, and in some cases, rewritten entirely. This is because the management of many of the aspects of CipherTrust does not resemble the DSM.
As you plan your migration to CM, consider the number of “assets” that will need to be updated and modified – this could be a significant workload, and is not to be underestimated.
4. Build a “no failure” migration path
There’s a reason security professionals have a mantra about encryption: “don’t f*** it up.”
When encryption goes wrong, bad things happen.
Data usually becomes unavailable, if not corrupted; encryption keys could be in jeopardy; and systems and applications behave very badly when these dominoes start to fall.
Migrating to CipherTrust Manager from Vormetric requires a foolproof plan, and one that doesn’t compromise the stability and trust you’ve earned by keeping Vormetric stable. There are several ways of achieving this, and your consideration of this point should include:
- Do we have the right staff to architect our migration plan?
- How will we ensure there is no chance of data loss or corruption?
- Will we be able to migrate without disruption to the business or applications relying on Vormetric?
Another consideration is to think beyond the technical steps. Vendors often think of migrations as a technical exercise – steps documented in a user manual – but migrations like this are far more involved. You will need to think in terms of change control requirements, scheduling maintenance windows, engaging the right resources, rollback planning, submitting change requests, getting approvals, and overall team readiness to take on a migration of this magnitude.
Remember: no vendor has a test environment that mirrors your production implementation!
5. Is it worth staying on the Thales train?
Ultimately, a significant consideration customers need to think through is whether migrating to CipherTrust Manager and this next-generation platform truly is the correct strategic step. After all, end-of-life announcements raise the question of whether it’s time to get off the train and look for an alternative that may better align with your future technology roadmap. To determine if staying with Thales is the best move for your business, you should consider:
- Does your cloud provider offer security services you could take advantage of instead?
- Is there another way to secure your data, or an alternative approach?
- Can you repurpose other solutions the organization has deployed to consolidate security efforts?
Thales CipherTrust Manager is a powerful solution, bringing together the best features of the Vormetric portfolio of products combined with those of Gemalto/SafeNet. Any customer that has had success with Vormetric will undoubtedly benefit from continuing with CM.
That said, there have never been more options for achieving data security, particularly as most organizations come to grips with a cloud-first future.
Move to CipherTrust on your terms and reduce your risk
The Vormetric-to-CipherTrust Manager migration does not give you much time. Three years may seem an eternity, but as we know, it can pass in a heartbeat, especially with budget cycles, infrastructure freezes, and resource challenges. It is therefore critical to develop a migration strategy and to have a clear understanding of your readiness to move forward with the CipherTrust transition. Planning ahead is your greatest key to success.
With Sidechain, you can plan ahead and ensure your organization is fully prepared for the CipherTrust migration with our HealthCheck for Vormetric. We will inspect over 30 controls and operational practices in your existing Vormetric framework and provide actionable recommendations to set your organization up for the smoothest possible migration to the CipherTrust Data Security Platform.
As a certified Thales partner that has supported Vormetric customers with their implementations for over 10 years, Sidechain serves as a partner you can trust to help plan a full-fledged migration to CipherTrust Manager.
To get started, schedule your Sidechain HealthCheck for Vormetric DSM today.