Entrust unveiled KeyControl as a Service (KCaaS), providing organizations with control of their cryptographic keys while leveraging the benefits of the cloud.
Existing key management solutions can lack advanced features required to meet evolving compliance mandates and security policy requirements. Moreover, they fail to provide comprehensive contextual information about cryptographic assets, hindering effective management and risk assessment.
Entrust KeyControl’s support for geographically distributed vaults enables highly effective management of keys and secrets, while mitigating aggregation risks within a cryptographic ecosystem. This approach enables data protection that aligns with local security policies and helps ensure compliance with regulatory mandates.
“Traditional key management solutions often fall short in tracking and controlling keys and secrets throughout their lifecycles. As enterprises increasingly rely on cryptography to safeguard their applications, workloads, and data, this can lead to compliance and security challenges,” said Bhagwat Swaroop, President, Digital Security Solutions at Entrust.
“When it comes to cloud data security, the ability to create, use, and control encryption keys in the cloud is vital. As such, organizations are increasingly turning to cloud-based, as-a-service solutions to fulfill their cryptographic security requirements either in addition to or as a replacement for traditional on-premises solutions. Entrust KeyControl as a Service is designed specifically to help address the challenges of securing data everywhere − including in the cloud − and managing the keys and compliance in a heterogeneous and interoperable way,” added Swaroop.
The new KCaaS solution helps address these challenges by offering a unified dashboard for complete visibility, traceability, compliance tracking, and an immutable audit trail of keys and secrets that can be conveniently managed through a cloud platform. Its decentralized vault architecture ensures keys remain secure within authorized endpoints, while also supporting a wide range of cryptographic use cases.
Additionally, the platform offers decentralized security with centralized visibility across the enterprise cryptographic ecosystem. This means an organization’s cryptographic assets are not confined to a single, central repository.
“Veeam recognizes how key management systems can enhance security and compliance,” said Stefan Renner, Technical Director of Product Management, Alliances at Veeam, an Entrust partner. “By running key management solutions as a service, such as Entrust KeyControl, in conjunction with Veeam Backup & Replication™ (part of Veeam Data Platform), we anticipate enterprises will leverage more flexibility in deployment of their workloads – enabling greater cyber resiliency and management.”
Key features and benefits of the KCaaS platform include:
- Key lifecycle management: Automates key storage, backup, distribution, rotation, and revocation, simplifying the management of encrypted workloads.
- Key inventory: Provides a centralized dashboard for fine-grained control, compliance, and risk tracking, translating complex requirements into actionable insights.
- Decentralized vault architecture: Ensures keys never leave their designated vaults except to authorized endpoints, enhancing security and control.
- Flexible use cases: Supports a wide range of use cases, catering to diverse needs such as Key Management Interoperability Protocol (KMIP), cloud key management options like Bring Your Own Key (BYOK) and Hold Your Own Key (HYOK) deployments, secrets management, privileged account session management, tokenization, and database protection.
- Compliance management: Continuous tracking of keys and secrets against compliance standards or best practices.
- Scalability: Seamlessly scales to support millions of keys and secrets.
- Risk scoring: Provides continuous risk assessment and tracking for keys and secrets, ensuring proactive management and mitigation of potential security threats.
By combining all the key elements of visibility, compliance, risk measurement, documentation, processes, data sovereignty, decentralization, integration, and third-party support, Entrust KeyControl as a Service can help meet the stringent regulatory challenges face by today’s enterprises.
KeyControl as a Service is certified to FIPS 140-2 Level 1. For organizations requiring higher levels of assurance, KeyControl as a Service can be seamlessly integrated with a FIPS 140-3 and Common Criteria EAL4+ certified Entrust nShield Hardware Security Module (HSM).
The HSM provides an additional layer of security protecting the keys managed by KeyControl as a Service. It is also used in the process of generating cryptographic keys, ensuring high-quality entropy from the HSM’s random number generator is used in keys created and managed by KeyControl vaults irrespective of which vault type is deployed.