Using Thales's SafeNet KeySecure with SafeNet ProtectApp, enterprises can bring their own encryption keys (BYOK), to a growing number of cloud environments. Thales currently has Bring Your Own Key integrations with Amazon Web Services Key Management Services (AWS KMS), Salesforce.com, Microsoft Azure, and a CSEK integration with Google Cloud Platform, with more cloud services and applications coming soon.
Enterprises that are hosting their sensitive data in these clouds are able to further protect their data by securely creating and managing their own encryption keys, separate from the cloud service provider’s where their sensitive data is being hosted.
Enterprises can securely create and manage their own encryption keys with SafeNet KeySecure and SafeNet ProtectApp
Enterprises can use SafeNet KeySecure to create encryption keys in their own environment, and then securely wrap and export those keys to the cloud. SafeNet KeySecure simplifies the management of these encryption keys and can make automated policy-driven operations easy for tasks such as key expiry.
- Centralized management of encryption keys
- Full lifecycle key support and automated operations
- Consolidated administration of granular access, authorization controls, and separation of duties
Thales's Bring Your Own Key/Customer Supplied Encryption Keys Solution - Features and Benefits:
Utilizing Thales’s BYOK/CSEK solution provides greater control of your encryption keys, and helps strengthen the security of your key management, while still realizing the benefits that hosting your data in the cloud has to offer.
BYOK/CSEK FEATURE BENEFITS
✔ SafeNet KeySecure allows organizations to utilize a secure appliance (physical or virtual), to manage and maintain ownership of their keys, data encryption, and enforce access controls across cloud environments
Simplifies the management of encryption keys across the entire lifecycle including: secure key generation, storage/backup, distribution, deactivation and deletion
✔ Generate and wrap your own encryption keys that are then securely delivered to the cloud service provider’s environment
By generating your own keys, you can verify the origin and quality of the keys you are providing to the cloud service provider, strengthening the security of your organization’s key management practices
✔ Securely archive and remove encryption keys and key caches from the cloud environment that your sensitive data is hosted in
Using keys that you did not provide can grant unauthorized access to your encryption key material – securely generating, delivering and managing your own encryption keys helps eliminate this risk
✔ Help meet security mandates and compliance with a more auditable usage model
SafeNet KeySecure enables you to prove ownership and management of your encryption keys, and provides audit logs that are securely stored and signed for non-repudiation and can be consumed by leading 3rd party SIEM tools
On-Demand Webinar: "Alphabet Soup HYOK, BYOK, CSEK: Deciphering Multi-Cloud Security”
Learn more about the benefits of centralized key management and the differences between BYOK, HYOK and CSEK in the on-demand version Thales’s joint webinar with 451 Research: "Alphabet Soup HYOK, BYOK, CSEK: Deciphering Multi-Cloud Security”. Topics include:
- Building a multi-cloud security strategy
- Best practices, benefits and pitfalls of managing your own keys
- Impact of regulations on data protection in the next few years
- Understanding the different cloud service provider’s requirements for key management