Vormetric Welcomes RSA DPM Customers

The RSA End of Product Support Story

RSA has notified current users of End Of Product Support (EOPS) for RSA Data Protection Manager (DPM). The notification was announced regarding:

  • RSA Data Protection Manager Appliance
  • RSA Data Protection Key Client
  • RSA Data Protection Token Client

Thales is pleased to offer current RSA DPM customers a proven alternative for encrypting and tokenizing your valuable data assets to meet regulations and mitigate the cyber threats your organization faces. Don’t get caught with a security solution that is at the end of its life. We are ready to simplify and accelerate your migration to a supported data security platform.

We have everything here to help you get started:


RSA - Thales Product Mapping

Depending on what you are currently using as part of RSA DPM will dictate what you will most likely need when making the migration to the Vormetric Data Security platform. Below you’ll find the product to product comparison between RSA and Vormetric.

RSA - Vormetric Product Mapping

Vormetric Data Security Platform key attributes

  • Key Management:
    • FIPS 140-2 Level 2 and Level 3 validated hardware options
    • FIPS 140-2 Level 1 Virtual Appliance
    • Common Criteria validation
  • Supports separation of duties and key life cycle management
  • NIST approved encryption keys (AES 256, DES, RSA supported)
  • Format preserving encryption (FPE) and Tokenization with Dynamic Data Masking
  • Enterprise ready (scale, performance and deployment)
  • Keys can be imported from any outside source
  • Key Manager supports multi-tenancy for data across borders, cloud deployments, business unit isolation
  • Leverage Vormetric’s Data Security Platform for future security requirements & evolving mandates

Feature Comparisons

We make your migration from RSA DPM to the Vormetric Data Security platform easy. Are you wondering how the features and functionality stack up to RSA DPM?

Check it out for yourself – click below to see the feature on feature comparison for be feature-on-feature

Key Management | Application Encryption | Tokenization

Key Management

Features comparison between RSA & Vormetric

Features RSA DPM Vormetric
Management Console Yes Yes
Secure Management of Keys Yes Yes
KMIP Enabled Yes Yes

Read more about Vormetric Key Management

Application Encryption

Key Management

Features RSA DPM Vormetric
PKCS #11 Yes Yes
Application Encryption Yes Yes
Format Preserving Encryption No Yes
C, C#, Java APIs for Key Management Yes Yes
Secure Management of Keys Yes Yes

Read more about Vormetric Application Encryption



Features RSA DPM Vormetric
Tokenization REST API No Yes
Tokenization Client Required Yes Yes
Vaulted Tokenization Yes Yes
Vaultless Tokenization No Yes
Management Console Yes Yes
AD Integration Yes Yes

Read more about Vormetric Tokenization

Additional Product Capabilities with Thales

Additional Platform Capabilities Not Available in RSA DPM

You’ve learned about product mapping and also about the feature on feature comparison between RSA DPM and the Vormetric Data Security platform. Moving to Vormetric makes good sense not just because there is parity from a feature perspective. Click below to learn about the additional capabilities you’ll get with Vormetric that were not an option with RSA DPM.

Vormetric Transparent Encryption | Vormetric Cloud Encryption Gateway

Transparent Encryption Delivers

Vormetric Transparent Encryption enables data-at-rest encryption, privileged user access control and the collection of security intelligence logs without re-engineering applications, databases or infrastructure. The deployment of our data-at-rest encryption software is simple, scalable and fast. Vormetric Transparent Encryption Agents are installed above the file system on servers or virtual machines to enforce data security and compliance policies.

Vormetric Transparent Encryption Attributes

Strong, High-performance, Encryption
No Changes to Databases
No Changes to Applications
Easy SIEM Integration
Privileged User Access Control
Linux, UNIX, Windows Support
Automated and Orchestrated Deployment
Automated Key Management

Cloud Encryption Gateway Delivers

With the Vormetric Cloud Encryption Gateway, organizations can safeguard files in cloud storage environments, including Amazon Simple Storage Service (Amazon S3), Box and Caringo. The cloud security gateway solution encrypts sensitive data before it is saved to the cloud storage environment, enabling security teams to establish the visibility and control they need around sensitive assets. CEG delivers the following features which you do not have today:

Vormetric Cloud Encryption Gateway Attributes

On-premises Encryption and Key Management
Access Control and Visibility of Cloud Storage Solutions
Create Secure and Compliant Collaboration

Typical Migration Path

To make the move from RSA DPM to Vormetic Data Security takes planning and we’ll be with you every step of the way from initial scoping to whiteboarding, to actually doing the migration.

Application Encryption

  1. Inventory existing applications that use DPM application encryption.
    1. Identify the application sprawl accessing the protected databases.
    2. Which applications do I encrypt?
    3. Which applications do I decrypt?
  2. Are these in-house applications?
    1. Have access to source code?
  3. What new projects will need application services?
    1. What are they written in?


  1. Inventory existing applications that utilize tokenization.
    1. Identify applications and token databases.
    2. How is the tokenization vault being used?
    3. Would the performance and cost gains of using vaultless tokenization be advantageous?
    4. Which applications need to detokenize?
  2. Are these in-house applications?
    1. Have access to source code?
  3. What new projects will need tokenization services?
    1. What are they written in?

Next Steps

Once you have discussed the answers to these questions, it would be beneficial to whiteboard the enterprise architecture and encrypted/tokenized dataflow. This can provide a customized roadmap for you to plan for a successful migration.

The typical migration path involves:

  1. For replacing RSA DPM Key Client: Decrypt existing data and re-encrypt it with Vormetric Application Encryption. Vormetric uses PKCS#11 libraries, the same as RSA DPM, so minimal coding is necessary and most importantly current expertise is leveraged.
  2. For replacing RSA DPM Token Client: Identify which applications to target for migration first. Vormetric offers a vault solution similar to RSA DPM, or you can use this opportunity to upgrade to a higher performing vaultless solution. Vormetric offers bulk load tokenization utilities for ease of migration.
  3. Alternative solution: There will be many use cases where you could utilize Vormetric Transparent Encryption vs. application layer encryption or tokenization. Vormetric Transparent Encryption delivers file system level encryption, privileged user access control and audit logs without application development. It runs transparent to the users, applications and storage environment.

Once applications and tokenization data is migrated you will have successfully moved from the RSA DPM EOL platform to the Vormetric Data Security Platform.

How long should I expect the migration to take?

The migration from RSA DPM to the Vormetric Data Security Platform depends on the number of applications that need to be migrated. Proper planning and understanding of dataflow is key to success. Vormetric utilizes PKCS#11 libraries, REST APIs, and transparent encryption solutions, so coding efforts are minimal and in-house expertise is leveraged.

What are my next steps?

Getting started is easy. Contact your local Thales representative or partner to get started. Email sales@thalesesec.com to set up a meeting to discuss your situation with our experts.

Watch the Video Overview

Customer and Partner Success

  • Rackspace Cloud Partners
  • McKesson
  • AWS
  • Google Compute Engine
  • Microsoft
  • IBM
  • CenturyLink
  • QTS
  • Teleperformance Secures
  • Delta Dental
  • Rackspace Cloud Partners
  • McKesson
  • AWS
  • Google Compute Engine
  • Microsoft
  • IBM