Next Generation KeySecure

Next Generation KeySecure offers the following benefits to customers.

• Centralized enterprise key management across multiple on-premises data stores and cloud key management across multiple cloud service providers
• Simplified management of data protection connectors with self-service licensing portal and improved control of licenses in use
• Cloud friendly deployment options with native VM support for Amazon Web Services, Azure, Google Cloud, VMware, Openstack, Microsoft HyperV and Oracle VM
• Expanded Hardware Security Modules (HSM), with options to use a Cloud HSM-as-a-service, network HSM and a built-in HSM for highest level of trust
• Granular auditing and reporting of all key lifecycle management operations with options to generate syslog records and email alerts

Data Protection Connectors

NG KeySecure enables you to centrally manage a variety of data protection connectors to encrypt data-at-rest across file-servers, databases, applications, virtual machines and public/private clouds. It makes it easy for organizations to consolidate their disparate encryption product deployments to simplify data security and compliance

• File Encryption
  NG KeySecure + ProtectFile enables you to transparently encrypt data-at-rest in files, volumes and databases on Windows, Unix and Linux OS's across physical/virtual servers, in cloud and big data environments. It also provides privileged user access control and detailed data access audit logging.

• Database Encryption
  NG KeySecure + ProtectDB integrates data encryption or tokenization for sensitive fields in databases at the user-defined function, or UDF level, in the database application stack.  ProtectDB is available for Oracle, Microsoft SQL Server, IBM DB2 and Teradata databases.

• Application-level Encryption
  NG KeySecure + ProtectApp delivers key management, signing, hashing and encryption services enabling applications to protect of files, database fields, big data selections. It is based on the PKCS#11 standard, comes with supported sample code and includes a range of practical, use-case based extensions to the standard.

• Virtual Machine Encryption
  NG KeySecure + ProtectV delivers encryption of virtual machine instances and storage volumes. Supports AWS and VMware environments. Pre-boot authentication ensures only authorized users can access information.

• Tokenization for Sensitive Data
  NG KeySecure + Tokenization Server offers vaulted and vaultless tokenization options with random or format-preserving encryption (FPE) to protect sensitive data regardless of location. It also provides policy-based dynamic data masking to hide sensitive data in use from unauthorized users based on their identity. It simplifies implementing tokenization with RESTful API in combination with centralized tokenization server, enabling compliance with several privacy regulations.

• Static Data Masking
  NG KeySecure + Batch Data Transformation provides both static data masking for a wide range of use cases plus its use case to prepare large data stores for use with Tokenization Server or ProtectApp.

Next Generation KeySecure Specifications

NG KeySecure Physical Appliance

NG KeySecure Virtual Appliance

Full Key Lifecycle Management and Automated Operations: Simplifies management of encryption keys across its entire lifecycle, from secure key generation, storage and backup, and key distribution, deactivation and deletion. CM makes automated, policy-driven operations easy for tasks such as key expiry and key rotation.

Centralized Access Control and Authorization: Unifies key management operations across multiple data protection connectors while maintaining granular access control to administrative operations. Authenticates and authorizes administrators using your existing AD and LDAP credentials.

Single Pane of Glass: Provides a unified console for discovering and classifying sensitive data integrated with a comprehensive set of data protection connectors to encrypt or tokenize data to reduce business risk and satisfy several compliance regulations.

Secrets Management: Centrally manage Symmetric and Asymmetric Key types as well as secret data and certificates (along with associated policies).

Self-service Licensing: Streamlines provisioning of connector licenses through a new licensing portal. The new management console offers better visibility and control of licenses in use.

Multi-tenancy Support with Separation of Duties: Provides capabilities required to create multiple domains to support large organizations with distributed locations or multiple companies hosted by Managed Service Providers (MSP).

Developer Friendly REST APIs: Offers new REST interfaces in addition to KMIP and NAE-XML APIs, for developers to simplify deployment of applications integrated with key management capabilities and automate testing and development of administrative operations.

Flexible HA Clustering and Intelligent Key Sharing: offers a choice of clustering a physical with a virtual appliance for high-availability environments to ensure optimum processing regardless of the workload location (data center or cloud).

Robust Auditing and Reporting: Includes tracking of all key state changes, administrator access and policy changes in multiple syslog formats (RFC-5424, CEF, LEEF) for easy integration with SIEM tools. In addition, customers can generate pre-configured or customizable SNMP alerts (v1, v2c, v3) as email-based alerts. Audit trails are securely stored and signed for non-repudiation.

High-speed Interfaces with NIC Bonding: NG KeySecure appliance provides optional 2x1GB/2x10GB network interface cards (NIC). NIC bonding is available to increase available bandwidth, by combining new 1G/10G interfaces to provide 2G/20G throughput.

Password and PED Authentication: Offers a stronger two-factor authentication option in addition to passwords, with a Pin Entry Device(PED) device that enables you to associate a PED PIN (something-you-know) with any PED Key (something-you-have).