Thales banner

Amazon Web Services External Key Store (XKS)

Obtain digital sovereignty and meet compliance requirements.

  • Using CipherTrust Cloud Key Manager (CCKM)
  • Hold keys outside of AWS to align with the shared responsibility model
  • With CCKM’s single pane of glass, manage AWS Native, AWS CloudHSM, BYOK, and HYOK keys
  • Choose between industry-leading CipherTrust Manager or Luna Network HSM as a key source
CipherTrust Manager Key Management
Win the connected and autonomous car race while protecting data privacy and intellectual property - eBook

Join "The Keys to Sovereignty in the Cloud" Webinar

Our presenter Romain Deslorieux, Thales Director of Strategic Partnerships will discuss "The Keys to Sovereignty in the Cloud".

360° Cloud Security for 2023

Watch the Webinar

Integrate CipherTrust Cloud Key Manager with AWS XKS

AWS External Key Store (XKS) is a new capability in AWS Key Management Service (KMS) that allows customers to protect their data in AWS using encryption keys held inside CipherTrust Manager or Luna Network HSMs external to AWS.

Benefits:

  • Move critical workloads to the cloud
  • Maintain sovereign control of sensitive data
  • Gain strong key control and security
Transparent Encryption

CipherTrust Cloud Key Manager (CCKM), which is a licensed component of the CipherTrust Manager, delivers key generation, separation of duties, reporting, and key lifecycle management to help fulfill internal and industry data protection mandates. FIPS 140-2 Level 3 certification available.​​

Enabling Organizations To:

  • Maximize choice from a single console, manage Native, BYOK, HYOK keys across clouds
  • Demonstrate compliance with privacy regulations such as GDPR, Shrems II, PCI-DSS, CCPA
  • Improve operational sovereignty to protect against internal and external bad actors
  • Reduce threat surface by centralizing control of keys outside of cloud providers
  • Increase efficiency and reduce costs by simplifying key management
  • Faster time to value by speeding up migration to the cloud
CipherTrust Manager Key Management
t systems

Varying data protection regulations across countries have presented a challenge for global organisations migrating to the cloud. The CipherTrust Cloud Key Manager simplifies this challenge and ensures we remain compliant while taking advantage of all the benefits of leveraging cloud services. The ability to lean on Thales’ solution has become especially important, as we, and other organisations, increasingly rely on multi-cloud environments.”

Heleen Herselman

VP AWS Powerhouse at T-Systems Cloud Service

CipherTrust Cloud Key Management Solutions for Amazon Web Services

Cloud Key Management solutions for AWS can accelerate the ability of organizations to safely migrate sensitive data between AWS and on-premises infrastructures.

CipherTrust Cloud Key Management

Industry best practices as defined by the Cloud Security Alliance (CSA) require that keys be stored and managed outside of the cloud service provider and the associated encryption operations . Cloud Service Providers (CSPs) can comply with best practices by offering Bring Your Own Key (BYOK) or Hold Your Own Key (HYOK) services to enable customer control of the keys used to encrypt their data. Customer control of the keys allows for the separation, creation, ownership and control, including revocation, of encryption keys or tenant secrets used to create the keys.

CipherTrust Cloud Key Management (CCKM) increases efficiency by reducing the operational burden—even when all of the cloud keys are native keys. Giving customers lifecycle control, centralized management within and among clouds, and visibility of cloud encryption keys reduces key management complexity and operational costs. Customers report that they stepped away from managing keys across a heterogeneous environment and invested in CCKM to enable them to move securely to the cloud—and their cloud use is growing exponentially, reducing management overhead and the potential for security holes.

Deploy the Free Community Edition on AWS Marketplace