CipherTrust Key Broker for Google Cloud EKM: Create and control encryption keys outside of Google Cloud

CipherTrust Key Broker is integrated with Google Cloud EKM to make it easy for organisations to follow security and key management best practices, while leveraging the power of Google Cloud for compute and analytics.

Organisations are able to securely create and control encryption keys separate from where their sensitive data is being hosted. By generating encryption keys using CipherTrust Key Broker, organisations can verify the origin and quality of the keys they are providing to the cloud provider, while maintaining the original version of the key outside of the Google Cloud environment.

Organisations hold their master keys in a Thales Luna Cloud HSM, which acts as the trust anchor for the CipherTrust Key Broker solution. This provides a FIPS 140-2 Level 3 certified root-of-trust and ensures separation between data and encryption keys, helping to fulfil compliance and security requirements.

Solution Overview

Securely create and control encryption keys separate from where sensitive data is being hosted
Verify the origin and quality of the keys being brought to the cloud
Maintain master keys outside of the Google Cloud environment in a Thales FIPS 140-2 Level 3 certified root-of-trust

Features & Benefits

Security & Compliance

Key access justifications – decide when and why data can be decrypted
Enhanced key usage policies and access control
Maintain key provenance
Audited / distributed key availability

Streamline Operations & Centralise Key Management

Simplify the management of encryption keys including: secure key generation, storage, distribution, deactivation and deletion outside of the cloud environment where data is stored
Low latency without compromising on performance when carrying out key management operations and controls

Simplify Configuration & Deployment

Google Cloud EKM is a cloud native API that interacts with the CipherTrust Key Broker via a single URL which simplifies configuration, deployment and is easy to consume
Key store and configuration options for enhanced control over where encryption keys reside
Key caching capabilities to appropriately balance risk, control, security, performance and operational complexity when protecting cloud workloads
CipherTrust Key Broker for Google Cloud EKM is available in the Thales Data Protection on Demand platform, a cloud based HSM service that offers:
- Key management capabilities deployed within minutes
- No need for specialised hardware or associated skills
- Secure generation and storage of master keys in a Luna cloud HSM (separate from Google Cloud), maintaining strict access and controls

Ready to enhance encryption key control and data security for Google Cloud with CipherTrust Key Broker service? This service is available exclusively on the Google Cloud Marketplace - North America and European Union.

Enhancing Encryption Key Control and Data Security in Google Cloud Platform - Solution Brief

Following security and key management best practices has never been so easy with the CipherTrust Key Broker and Google Cloud EKM integration. Learn how you can create and control encryption keys with CiphterTrust Key Broker for Google Cloud EKM.

The Cloud Trust Paradox: Keeping Control of Data & Encryption Keys in the Cloud - Webinar

When it comes to encryption keys, security best practice is all about control and separation between encrypted data at rest and the keys. Google Cloud encrypts customer data at rest by default and offers organisations multiple options to control and manage their encryption...

CipherTrust Key Broker for Google Cloud EKM

CipherTrust Key Broker for Google Cloud EKM: Create and control encryption keys outside of Google Cloud

Features & Benefits

Enhancing Encryption Key Control and Data Security in Google Cloud Platform - Solution Brief

The Cloud Trust Paradox: Keeping Control of Data & Encryption Keys in the Cloud - Webinar

Retaining control of your encryption keys and data in Google Cloud - Webinar