Alex Hanway | Director of Business Development
Oracle and Thales are excited to announce CipherTrust Cloud Key Management’s (CCKM) support for Oracle Cloud Infrastructure‘s (OCI) new cross-site replication functionality for its Dedicated Region Cloud@Customer and OCI Alloy offerings. Cross-site replication with OCI Vault EKMS and Thales CipherTrust Cloud Key Management facilitates secure, customer-controlled encryption and key management across multiple connected DRCC and Alloy sites.
So far, 2025 has been nothing short of unpredictable. Geopolitical uncertainty and the subsequent effects on confidence in the global economy have renewed customer emphasis on remaining in control of their operations and mitigating risks both known and unknown. Contributing to this uncertainty is the growing tension from the rapid advancements in AI and quantum computing - probably best illustrated by DeepSeek’s surprise progress announcement which turned conventional AI orthodoxy on its head. Customers need control of their data, but they must also continue to innovate with the latest cloud technologies to remain competitive in a quickly evolving global context. To say this is tricky is a massive understatement.
It is against this backdrop that Oracle and Thales collaborate to expand our customer-controlled “Hold Your Own Key” integration using OCI Vault EKMS.
What does this mean for customers?
In short, it means they can continue to own and centrally control their data in more extensive and more complex OCI DRCC and Alloy deployments. Phase one of the integration with with OCI Vault EKMS allowed customers to externally store and control master keys securing OCI based data in a Thales cloud-based service, or virtual or physical appliance. Now, in phase two, the same Alloy and DRCC EKMS master keys on CipherTrust Cloud Key Management will be accessible from the additional sites that customers use for back-up and disaster recovery. CCKM offers seamless OCI Vault EKMS failover preventing any interruption in service when using cross-region replication. This year, cross-site replication will also support Fusion SaaS apps to broaden the number of cases where customers can control their encryption keys in OCI.
Beyond the essential questions of control, our new joint release also simplifies encryption key administration by making the keys from multiple clouds and services manageable from the same console.
All of these benefits accrue to customers using CipherTrust Cloud Key Management for OCI DRCC, but they additionally accrue to the customers who choose to purchase OCI Alloy-based services. Alloy is designed for service providers and large public sector customers who intend to host and manage their own type of service offering, giving end-users greater controlWhether it’s a telecom company using Alloy to provide a dedicated business cloud or a government building a national sovereign cloud the same separation of duties principals apply. End customers want to remain in control of their data irrespective of where it resides. With Thales those customers get to manage and control their Alloy keys in the same place as they would the keys they use on-premises or in their other cloud infrastructure.
Game Changing Security
Despite my best efforts, this blog post doesn’t capture the magnitude of what Oracle and Thales are able to offer these customers today. Oracle’s innovative approach to cloud – and specifically to private cloud initiatives geared toward large enterprise customers – is changing the game. Tying together their innovations in this space to allow for centralized data-at-rest security management changes the scale at which customers will design and build their own digitally sovereign offerings. There is more in store. Oracle and Thales continue to collaborate to make the cloud more secure, agile, and innovative. Stay tuned for exciting things ahead.
To learn more about the Thales and Oracle partnership please visit
OCI Key Management for Digital Sovereignty & Compliance Requirements