At the beginning of April, a wish for Gemalto and Thales was finally fulfilled. The two companies then completed the takeover of 4.8 billion euros. Thales saw the main reason for the acquisition as a result of Gemalto’s digital identity and security technology. For once reason for us to discuss these security solutions with Romain Deslorieux, Senior Director Business Development at Gemalto.
The two companies are certainly a match if you look at the type of customers they have. Both of them provide security solutions in critical sectors. For example, Thales has hardware and software for infrastructure companies and governments to support, for example, defence and space travel. Gemalto in turn supplies tailor-made solutions to banks and municipalities, among others. Both companies have to keep their products completely watertight because the consequences of failure are too great. The French company also saw reason to make a big effort to bring in some specialism on data protection and identity security. Gemalto is one of the most important players in this field, which is good for Thales.
Three pillars as a vision
Deslorieux immediately points out a number of things that are very important at Gemalto. For example, enterprise organisations are increasingly confronted with cyber attacks, but they also have to comply with more laws and regulations. In addition to the GDPR with which all organisations are confronted, there are sector-specific guidelines in this area. In the financial sector, for example, there is the PCI DSS, which focuses on the control of card holder data. This is to prevent fraud. Gemalto’s task is to align solutions with such regulations, as well as to reduce the impact of cyber attacks or even prevent them.
On the other hand, Gemalto is aware of the fact that companies are using more and more environments, both on-premise and in the cloud. At Gemalto, too, the multi-cloud is high on the priority list. Services are increasingly meant for the cloud, without losing sight of local environments. Deslorieux also describes the protection of all these environments as security from the edge to the core. The core refers to the protection of data, while safe access to the edge of the network is also taken into account.
The three pillars of Gemalto are, of course, not new. Almost every IT company calls for an increase in the number of cyber attacks, for compliance with laws and regulations, and for multi-cloud. For Gemalto, however, the three points result in a greater challenge when it comes to securing customers’ assets.
Identity and access control
This has been taken into account in the development of Gemalto products. A good example of this is the Identity-as-a-Service solution SafeNet Trusted Access. This is an Identity and Access Management (IAM) service for access control and identity protection of and for employees. It protects both on-premise and cloud applications and allows the IT manager to indicate who has access to what.
It supports a variety of IT solutions, including Office365, ServiceNow, AWS and Salesforce. SafeNet Trusted Access creates policies to give users access to such IT applications. The policy is maintained by verifying the identity of users through multi-factor authentication or one-time login. This completes the GDPR-compliant solution and the picture of the three pillars.
At the airport or using online banking: chances are you too will use Gemalto.
The above solution sounds like a real enterprise application where the critical character of the Gemalt customers is not directly expressed. Gemalto does have a large share in securing situations that you regularly come into contact with and demand absolute security.
One of the sectors in which Gemalto is very active, is financial services. It ensures that transactions at banks can be carried out safely. It makes the Confirm Authentication Server (CAS) available for this purpose, which serves as the centrepiece of all kinds of other IT systems. For example, it communicates with the database in order to securely retrieve and send data. The server works with different operating systems, modules and server configurations. At the back end, the systems have to be connected to each other in order to be able to offer the customer safe and easy access to internet banking. Of course, the customer does not notice this and uses a simple banking app or card scanner.
At airports, too, there’s a good chance that you’ll come into contact with Gemalto’s technology. For example, it collaborates with Paris Aéroport, the Paris airport operator, to install and maintain the smart passport control gates at the airports. Biometric authentication must run as smoothly as possible, and the software for the final check by the border guards must also work. Gemalto also continues to develop these types of authentication forms in order to ensure the best access possible and that the data remain protected.
Seventh division of Thales
With these kinds of activities, Gemalto fits in well with Thales. It will function as the seventh global division, called Digital Identity and Security (DIS). This is in order to provide Thales’ key markets with better solutions. This concerns defence and security, digital security, space and ground transportation.
We will see how it all works out in practice in the coming period. The competition authorities had some concerns before they approved the deal. For example, Thales had to sell nCipher, as maintaining this business unit would lead to an overly dominant position on the General Purpose Hardware Security Modules. Gemalto and nCipher are both market leaders for this encryption hardware.
Nevertheless, with the completion of this project, the security world has seen one of the largest acquisitions ever made. We are curious to see what the next major acquisition will bring us.