CipherTrust Key Broker for Google Cloud EKM: Create and control encryption keys outside of Google Cloud
CipherTrust Key Broker is integrated with Google Cloud EKM to make it easy for organisations to follow security and key management best practices, while leveraging the power of Google Cloud for compute and analytics.
Organisations can securely create and control encryption keys separately from where their sensitive data is hosted. By generating encryption keys using CipherTrust Key Broker, organisations can verify the origin and quality of the keys they are providing to the cloud provider, while maintaining the original version of the key outside of the Google Cloud environment.
Organisations hold their master keys in a Thales Luna Cloud HSM, which acts as the trust anchor for the CipherTrust Key Broker solution. This provides a FIPS 140-2 Level 3 certified root-of-trust and ensures separation between data and encryption keys, helping to fulfil compliance and security requirements.
Solution Overview
- Securely create and control encryption keys separately from where sensitive data is hosted
- Verify the origin and quality of the keys being brought to the cloud
- Maintain master keys outside of the Google Cloud environment in a Thales FIPS 140-2 Level 3 certified root-of-trust