Full Key Lifecycle Management and Automated Operations: Simplifies management of encryption keys across its entire lifecycle, from secure key generation, storage and backup, and key distribution, deactivation and deletion. CM makes automated, policy-driven operations easy for tasks such as key expiry and key rotation.
Centralized Access Control and Authorization: Unifies key management operations across multiple data protection connectors while maintaining granular access control to administrative operations. Authenticates and authorizes administrators using your existing AD and LDAP credentials.
Single Pane of Glass: Provides a unified console for discovering and classifying sensitive data integrated with a comprehensive set of data protection connectors to encrypt or tokenize data to reduce business risk and satisfy several compliance regulations.
Secrets Management: Centrally manage Symmetric and Asymmetric Key types as well as secret data and certificates (along with associated policies).
Self-service Licensing: Streamlines provisioning of connector licenses through a new licensing portal. The new management console offers better visibility and control of licenses in use.
Multi-tenancy Support with Separation of Duties: Provides capabilities required to create multiple domains to support large organizations with distributed locations or multiple companies hosted by Managed Service Providers (MSP).
Developer Friendly REST APIs: Offers new REST interfaces in addition to KMIP and NAE-XML APIs, for developers to simplify deployment of applications integrated with key management capabilities and automate testing and development of administrative operations.
Flexible HA Clustering and Intelligent Key Sharing: offers a choice of clustering a physical with a virtual appliance for high-availability environments to ensure optimum processing regardless of the workload location (data center or cloud).
Robust Auditing and Reporting: Includes tracking of all key state changes, administrator access and policy changes in multiple syslog formats (RFC-5424, CEF, LEEF) for easy integration with SIEM tools. In addition, customers can generate pre-configured or customizable SNMP alerts (v1, v2c, v3) as email-based alerts. Audit trails are securely stored and signed for non-repudiation.
High-speed Interfaces with NIC Bonding: NG KeySecure appliance provides optional 2x1GB/2x10GB network interface cards (NIC). NIC bonding is available to increase available bandwidth, by combining new 1G/10G interfaces to provide 2G/20G throughput.
Password and PED Authentication: Offers a stronger two-factor authentication option in addition to passwords, with a Pin Entry Device(PED) device that enables you to associate a PED PIN (something-you-know) with any PED Key (something-you-have).