Comprehensive Key Management
BYOK: deploy CipherTrust Cloud Key Manager with any number of keys already created at the cloud provider. Create cloud-native keys in the cloud console as needed. CipherTrust Cloud Key Manager will automatically synchronise its key database with the provider’s, at intervals that you can define. Key attributes such as expiration rules and usage options are all maintained. You can request creation of cloud-native keys, as well as upload BYOK keys, from the CipherTrust Cloud Key Manager console. If cloud provider rotation rules for native keys are insufficient, you can rotate keys under the control of CipherTrust Cloud Key Manager.
HYOK: CipherTrust Cloud Key Manager supports many emerging HYOK offerings: Salesforce Cached Keys, Google Cloud External Key Management (EKM) and Google Workspace Client-side Encryption. HYOK is provided by services that respond to encryption key requests from cloud providers.
CipherTrust Cloud Key Manager goes well beyond Cloud Bring Your Own Key: it is a comprehensive cloud key lifecycle manager.
Key Lifecycle Automation
With the click of a button or an API request, keys are marked for automated key rotation. From then on, CipherTrust Cloud Key Manager performs key rotation automatically with comprehensive logging for IT efficiency and enhanced data security. Key rotation may be specified for keys without expiration dates, or specifically for keys to be rotated prior to their expiration dates. Multiple schedules per cloud are available.
Key rotation is use-case-dependent. Consult your cloud provider for information on whether your preferred data stores support key rotation.
Strong encryption key security
BYOK and HYOK require secure key generation and storage. CipherTrust Cloud Key Manager leverages the security of CipherTrust Manager, Thales Luna Network HSM or the Vormetric Data Security Manager to create keys. Secure storage is provided for clouds that deliver backup keys, which can mitigate accidental key deletion in cloud consoles. You retain full control of key metadata during upload and for keys in use.
True multi-cloud support
CipherTrust Cloud Key Manager supports:
- Amazon Web Services (AWS)
- AWS GovCloud
- AWS China
- Microsoft Azure
- Azure Stack
- Azure GovCloud
- Azure China sovereign cloud
- Google Cloud Platform
- Google Workspace Client-side Encryption
- Salesforce.com
- Salesforce Sandbox
- SAP Data Custodian
- IBM Cloud (Key Protect)
- IBM Cloud (HPCS)
The compliance tools you need
CipherTrust Cloud Key Manager has the full range of logs and reports you need for fast compliance reporting, including per-cloud operational logs and a range of pre-packaged key activity reports.
Support for emerging technologies
CipherTrust Cloud Key Manager supports many fast-emerging technologies. Here are some examples: