CipherTrust Key Broker for Google Cloud EKM


CipherTrust Key Broker for Google Cloud EKM: Create and control encryption keys outside of Google Cloud

CipherTrust Key Broker is integrated with Google Cloud EKM to make it easy for organizations to follow security and key management best practices, while leveraging the power of Google Cloud for compute and analytics.

Organizations are able to securely create and control encryption keys separate from where their sensitive data is being hosted. By generating encryption keys using CipherTrust Key Broker, organizations can verify the origin and quality of the keys they are providing to the cloud provider, while maintaining the original version of the key outside of the Google Cloud environment.

Organizations hold their master keys in a Thales Luna Cloud HSM, which acts as the trust anchor for the CipherTrust Key Broker solution. This provides a FIPS 140-2 Level 3 certified root-of-trust, and ensures separation between data and encryption keys, helping to fulfill compliance and security requirements.

Solution Overview

  • Securely create and control encryption keys separate from where sensitive data is being hosted
  • Verify the origin and quality of the keys being brought to the cloud
  • Maintain master keys outside of the Google Cloud environment in a Thales FIPS 140-2 Level 3 certified root-of-trust

Features & Benefits

Security & Compliance

  • Key access justifications - decide when and why data can be decrypted
  • Enhanced key usage policies and access control
  • Maintain key provenance
  • Audited / distributed key availability


Streamline Operations & Centralize Key Management 

  • Simplify the management of encryption keys including: secure key generation, storage, distribution, deactivation and deletion outside of the cloud environment where data is stored
  • Low latency without compromising on performance when carrying out key management operations and controls


Simplify Configuration & Deployment

  • Google Cloud EKM is a cloud-native API that interacts with the CipherTrust Key Broker via a single URL, which simplifies configuration and deployment and makes the service easy to consume
  • Key store and configuration options for enhanced control over where encryption keys reside
  • Key caching capabilities to appropriately balance risk, control, security, performance and operational complexity when protecting cloud workloads
  • CipherTrust Key Broker for Google Cloud EKM is available in the Thales Data Protection on Demand platform, a cloud-based HSM service that offers:
    • Key management capabilities deployed within minutes
    • No need for specialized hardware or associated skills
    • Secure generation and storage of master keys in a Luna cloud HSM (separate from Google Cloud), maintaining strict access and controls

Ready to enhance encryption key control and data security for Google Cloud with CipherTrust Key Broker service? This service is available exclusively on the Google Cloud Marketplace - North America and European Union.

Enhancing Encryption Key Control and Data Security in Google Cloud Platform - Solution Brief

Following security and key management best practices has never been so easy with the CipherTrust Key Broker and Google Cloud EKM integration. Learn how you can create and control encryption keys with CipherTrust Key Broker for Google Cloud EKM.

The Cloud Trust Paradox: Keeping Control of Data & Encryption Keys in the Cloud - Webinar

When it comes to encryption keys, security best practice is all about control and separation between encrypted data at rest and the keys. Google Cloud encrypts customer data at rest by default and offers organisations multiple options to control and manage their encryption...

Retaining control of your encryption keys and data in Google Cloud - Webinar

When it comes to encryption keys, security best practice is all about control and separation between encrypted data at rest and the keys. Google Cloud encrypts customer data at rest by default and offers organisations multiple options to control and manage their encryption...