Key Management for the Cloud

Thales eSecurity provides a unique range of encryption key management services for enterprises using IaaS, PaaS, SaaS and cloud services providers

Key Management

As organizations move increasing amounts of sensitive data to their IaaS, PaaS, SaaS and cloud services provider environments, strong encryption key management is more essential than ever. Separating data from keys is required by many compliance mandates and meets security best practices outlined by the Cloud Security Alliance, among others.

Thales eSecurity provides robust, scalable cloud encryption key management solutions that align with any cloud strategy and help ensure that the enterprise controls its own data. Our partnerships include all major players in cloud computing, and continue to grow as enterprises increase their adoption of the cloud.

Secure Key Management for Traditional Cloud Data

Enterprises enjoy numerous benefits from offloading workloads to traditional cloud services providers, such as co-location services, managed services providers and others, but still need to ensure the security of their data. Some cloud providers permit "bring your own" encryption, while others offer encryption natively. While the data encryption may occur in the cloud provider's environment, customers must maintain control of the keys that secure their data.

Secure Key Management for SaaS Data

Gartner reports that enterprises now spend tens of billions of dollars on software-as-a-service offerings, with continued growth expected. While some SaaS providers have added encryption to their increasingly powerful applications, ensuring the security of sensitive data is ultimately the customer's responsibility. This includes key management in compliance with data security and privacy mandates.

Secure Key Management for Public Cloud Data

When using public cloud services such as AWS, Microsoft Azure or others, some enterprises will send encrypted data to the cloud, while others may utilize the encryption offered by the cloud provider. Whichever security key management process applies to your enterprise, controlling the encryption keys is critical to maintaining control of your data.

Key Management Solutions for Traditional Cloud Services

Thales eSecurity partners with leading cloud services providers to support enterprise data encryption strategies. Whether you leverage a Vormetric Data Security Manager deployed in the provider's environment or you deploy your own DSM, we work with CSPs to ensure you have control over the encryption keys.

Key Management Solutions for SaaS

Thales eSecurity offers the CipherTrust Cloud Key Manager for a growing number of SaaS solutions including Microsoft Office365 and for Salesforce.com users of Salesforce Shield Platform Encryption. Many other SaaS providers utilize Vormetric Transparent Encryption, which can provide a unique key per customer. We work to partner with other leading SaaS providers to enable them first to encrypt sensitive data and then enable customers to bring their own keys to enhance regulatory compliance.

Key Management Solutions for Public Cloud Services

To alleviate concerns about unauthorized access to encryption keys, as well as potential compliance violations, Thales eSecurity offers both the CipherTrust Cloud Key Manager for comprehensive, web-based key lifecycle management as well as Thales nShield HSMs. The cloud encryption key management solutions leverage Bring Your Own Key (BYOK) API’s offered by public cloud providers such as Amazon Web Services, Microsoft Azure, and Google Cloud Platform. With both solutions, you can generate, store, wrap, and export keys to multiple public cloud providers.

For protection beyond vendor-provided encryption and external key management, you can bring your own encryption (BYOE) and manage your own keys with Vormetric Transparent Encryption agents protecting data in the cloud and the Vormetric Data Security Manager operating on your premises or in the cloud.

Security and Regulatory Compliance

Whatever cloud strategy you leverage - traditional, SaaS, public or hybrid - Thales eSecurity helps you separate the keys from the data to ensure compliance with regulations and standards such as PCI DSS, HIPAA and others.

Gain Privileged User Access Controls and Security Intelligence

Gain distinct advantages when you bring your own encryption (BYOE) to public cloud providers:

  • Granular access controls that prevent risk of data loss due to compromised privileged user credentials.
  • Detailed security management logs that specify which processes and users have accessed protected data.

Learn more at Vormetric Transparent Encryption

Efficient and Convenient Key Management

A web interface to the CipherTrust Cloud Key Manager gives you control of your sensitive data in SaaS, IaaS and PaaS environments. From a single, centralized nShield HSM you can bring your own keys to public cloud providers.

Maintain the Flexibility to Change CSPs

With Thales eSecurity's easy-to-use key management, enterprises can more easily move their data to other cloud environments. When you control your sensitive data in the cloud, you can rapidly change infrastructure providers as business requirements change.

Research and Whitepapers : keyAuthority Report - Ovum

Read what industry analyst Ovum found in their technology audit of our keyAuthority enterprise key management solution.

Download

Guarda la nostra demo interattiva Esplora
Richiedi una demo Live Richiedi
Contatta un esperto Contattaci