With the Department of Defense's fiscal year 2027 Zero Trust deadline now less than two years away, defense and intelligence agencies are accelerating implementations to meet the mandate's 91 capability outcomes. Virtru, the leader in data-centric security, today announced a partnership with Thales Trusted Cyber Technologies (TCT) that addresses a critical requirement: protecting data at the object level with hardware-backed cryptographic security.
The Virtru Data Security Platform now integrates with Thales TCT's Luna T-Series Hardware Security Modules (HSMs), ensuring encryption keys never leave FIPS 140 Level 3 validated hardware. The integration is available immediately for Virtru Data Security Platform and Thales TCT customers.
Defense and intelligence organizations face a persistent challenge: the need to share sensitive information quickly conflicts with the security requirements that protect it. This integration solves that tension by combining Virtru's data-centric protection—where security policies travel with information wherever it goes—with hardware-backed key security that meets the highest federal standards.
With this solution, agencies can:
The Virtru Data Security Platform supports ACP 240, IC-EDH, and NATO STANAG 5636 — the interoperability standards that enable secure coalition operations — built on the Trusted Data Format (TDF) that Virtru created and stewards through the OpenTDF open-source project.
The integration was developed in response to requirements from multiple defense and intelligence agencies seeking to accelerate secure coalition data sharing while meeting Zero Trust mandates.
"The Zero Trust mandate requires agencies to protect data at the object level, not just the network level," said Wayne Chung, Chief Technology Officer at Virtru. "That's exactly what TDF does — it binds access policies directly to data so protection persists regardless of where information travels. Adding hardware-backed key security enables agencies to meet both data-centric and cryptographic requirements with a single, standards-based solution rather than proprietary dependencies. The Virtru Data Security Platform maintains its full key lifecycle management capabilities, including automated key rotation and instant revocation, even when cryptographic keys are secured within the HSMs."
"Strong access controls alone aren't enough—encrypted data ultimately depends on the security of its cryptographic keys," said Bill Becker, Chief Technology Officer at Thales TCT. "Software-based key storage leaves those keys vulnerable, which is why hardware-backed key protection is mandated for National Security Systems."
Both Virtru and Thales TCT develop, manufacture, and support their solutions entirely within U.S. boundaries. Federal agencies can deploy a fully domestic solution to meet their most sensitive data protection requirements—without compromising supply chain risk management mandates.
To learn more, visit: virtru.com/partners/thales
Virtru is pioneering the shift from network-centric to data-centric security—embedding protection directly into data so mission owners maintain control wherever sensitive information is shared. As the lead contributor to OpenTDF, an open standard evolved from technology developed at the NSA by co-founder Will Ackerly, Virtru's Data Security Platform supports ACP-240, the Five Eyes-ratified Zero Trust standard for secure coalition operations. Trusted by over 6,000 public- and private-sector organizations, including the U.S. Department of Defense, JPMorgan Chase, and Salesforce, Virtru enables secure collaboration across classification boundaries at mission speed.
For more information, visit www.virtru.com
Thales Trusted Cyber Technologies, a business area of Thales Defense & Security, Inc., protects the most vital data from the core to the cloud to the field. We serve as a trusted, U.S. based source for cyber security solutions for the U.S. Federal Government. Our solutions enable agencies to deploy a holistic data protection ecosystem where data and cryptographic keys are secured and managed, and access and distribution are controlled.
For more information, visit www.thalestct.com