Skip Navigation
  • Overview

    Customer controlled encryption for cloud storage with customer owned keys

    Federal agencies are looking to the cloud to meet their data storage needs. Although cloud storage offers increased flexibility and availability as well as decreased costs, many agencies hesitate to bring compliance-regulated or mission-sensitive data to the cloud.

    Data Security in the Cloud
    Many Cloud Service Providers (CSPs), such as Amazon Web Services, emphasize the shared responsibility model for securing data in the cloud. CSPs own the responsibility to secure the infrastructure that runs their cloud services. While CSPs’ employ extensive security, the onus is on the CSP’s customer to secure their data adhering to compliance mandates and regulations. The most effective way to do so is through customer controlled data encryption and key management, deployed with strong policy-based access controls. 

    ProtectCloudStorage, a cloud encryption solution, protects sensitive data stored in the cloud. ProtectCloudStorage encrypts data using customers’ own cryptographic keys before it is sent to cloud object storage. The solution supports both hybrid and pure cloud environments with ProtectCloudStorage running on-premises or in the cloud. It works in tandem with KeySecure for Government, a cryptographic key management platform, to protect and manage the cryptographic keys used in the encryption process.

    ProtectCloudStorage offers various deployment models:

    Endpoint deployment – encrypts cloud storage-bound data on individual endpoints before it leaves the device.


    Gateway deployment – encrypts cloud storage-bound data via a gateway before it reaches object storage. (available Summer 2018)


    Designed for Ease of Use
    ProtectCloudStorage features a simple interface. Users can easily select and encrypt cloud storage-bound files though an easy-to-use web interface. ProtectCloudStorage offers a full suite of APIs for organizations who want to automate sending encrypted data to object storage.

    KeySecure for Government
    KeySecure for Government provides centralized key management for ProtectCloudStorage.  KeySecure for Government is available as either a hardware appliance (Enterprise-level G460 or Field-level G160) or virtual appliance (G350v). KeySecure for Government supports a FIPS 140-2 Level 2 or 3 hardware root of trust.

    KeySecure for Government is manufactured, sold, and supported exclusively in the United States by SafeNet Assured Technologies.

    Robust Security for Data Stored in the Cloud
    Because data is encrypted on the endpoint, ProtectCloudStorage enables administrators to maintain control of the entire data encryption process. Moreover, by integrating a key manager, the encryption keys remain separate from the CSP. With ProtectCloudStorage, organizations can prove data ownership at all times.

    When customer-owned encryption and encryption keys are implemented correctly, agencies will be able to secure their sensitive data in the cloud and meet many compliance mandates and security regulations.

  • Benefits

    Transparent, Strong, and Efficient Encryption

    •  Encrypt sensitive data before it enters cloud object storage
    • Securely manage keys centrally in a FIPS-certified cryptographic key manager
    • Data security through encryption and key deletion: Permanently delete the relevant encryption keys to cryptographically erase  data in the event of a breach or change of data ownership

    Ownership of Key Management Lifecycle and Encryption Keys

    • Manage the key lifecycle from creation to rotation to deletion
    • Separation of duties: Assign administrative duties to different staff allowing infrastructure administrators to maintain the storage or virtual environment without ever having access to the data or keys
    • Centralized key management: Centralize encryption key management from one platform to improve security through streamlined efficiency and remove data access ability from third-party administrators throughout the key lifecycle
  • Technical Specifications
    • Supported Browsers:  Chrome, Firefox, Internet Explorer, Edge
    • Supported Operating Systems: CentOS, Windows 7, Windows 2012 R2, Windows 10, Windows 2016
    • REST API  language support: Curl, Java, Android/Java, Objective-C, JavaScript, C#, PHP, Perl, and Python
    • Supported Cloud Platforms: AWS, AWS C2S
    • Algorithms: AES-256

This site uses cookies to store information on your computer. Some are essential to make our site work properly; others help us improve the user experience.

By using the site, you consent to the placement of these cookies. For more information, read our cookie policy and our privacy policy.