Once an organisation encrypts data on third party servers, storage infrastructure and devices, it depends on centralised enterprise key management to generate, distribute, store, rotate and revoke/destroy cryptographic keys associated with that encrypted data, wherever it resides.

Enterprise Key Management solutions from Thales, enable organisations to centrally manage and store cryptographic keys and policies for third-party devices including Microsoft SQL TDE, Oracle TDE and KMIP-compliant encryption products. CipherTrust Enterprise Key Management delivers a robust, standards-based platform for managing encryption keys from disparate sources across the enterprise. It simplifies the administrative challenges around encryption key management to ensure that keys are secure and always provisioned to authorised encryption services.

Enterprise Key Management System Diagram

Benefits
Features
Specifications

Unify Key and Certificate Management

Leverage CipherTrust Manager for managing keys for Thales data protection connectors and third-party applications including Microsoft SQL TDE, Oracle TDE, and KMIP-compliant encryption products.

Improve Operational Efficiency

Enterprise Key Management simplifies the process of managing cryptographic keys, enabling security teams to gradually consolidate the management of encryption across the enterprise that can reduce cost of ownership and minimize overall risks.

Prevent Unplanned Downtime

Minimize key availability and redundancy, leveraging secure replication of keys across multiple appliances with automated backups. Automated alerts help prevent unexpected key expiration.

CipherTrust Manager offers the following Enterprise Key Management solutions.

CipherTrust KMIP Clients:
Centrally manage keys across a variety of KMIP clients.

CipherTrust TDE Key Agents:
Protects data in databases using Transparent Data Encryption (TDE) Key Agents on Oracle and Microsoft SQL Servers.

CipherTrust LUKS Agents:
provides transparent data encryption on Linux servers using Linux Unified Key Setup (LUKS) Agents.

CipherTrust Cloud Key Manager:
Supports BYOK use-cases by centrally managing keys for multi-cloud environments, such as AWS, Microsoft Azure, Salesforce and more.

Secrets Management

Opaque Objects, Passwords, X.509 certificates
Symmetric and asymmetric encryption keys

Administration

Secure-web (CipherTrust Platform management console), CLI, REST API
Bulk import of digital certificates and encryption keys
Command line scripts

Key and Certificate Formats for Search, Alerts, and Reports

Symmetric encryption key algorithms: AES (default=128, 192, 256), ARIA), ARIA (default=128, 192, 256)
Asymmetric encryption key algorithms: RSA (512, default=1024, 2048, 3072, 4096)
Digital certificates (X.509): DER, PEM, PKCS#7, PKCS#8, PKCS#12
Go to Supported Key Algorithms for more details

Third-Party Encryption

Microsoft SQL TDE, Oracle TDE, IBM Security Guardium Data Encryption, KMIP-clients
Partner Categories: Tape Libraries, Enterprise Storage, Efficient Storage, Enterprise Servers, Database Servers, Virtual Environments, Cloud/SaaS, Backup & Recovery
Go to CipherTrust Manager Interoperability Overview for detailed list of partners