Amazon Web Services (AWS)
About Amazon Web Services
For over 12 years, Amazon Web Services has been the world's most comprehensive and broadly adopted cloud platform. AWS offers over 125 fully featured services for compute, storage, databases, networking, analytics, machine learning and artificial intelligence (AI), Internet of Things (IoT), mobile, security, hybrid, virtual and augmented reality (VR and AR), media, and application development, deployment, and management from 54 Availability Zones (AZs) within 18 geographic regions and one Local Region around the world, spanning the U.S., Australia, Brazil, Canada, China, France, Germany, India, Ireland, Japan, Korea, Singapore, and the UK. AWS services are trusted by millions of active customers around the world, including the fastest-growing startups, largest enterprises, and leading government agencies, to power their infrastructure, make them more agile, and lower costs.
As cloud service providers embed more security and encryption into their service offerings, federal agencies need to ensure that their data protection strategy takes advantage of the benefits of cloud computing while also meeting their stringent security requirements. One of the most fundamental elements related to encryption is the management of the encryption keys that provide the ability to decrypt or “unlock” the data. Although many data owners are now willing to move their encryption processing to the cloud, most are unwilling to outsource the security of their encryption keys to a cloud service provider. Thales TCT provides the tools and products necessary to allow the most security-conscious AWS customers to retain control and management of their critical keys in the cloud.
Designed for U.S. Government Agencies, KeySecure for Government G350v on AWS is a virtual, centralized key management platform that supports a broad encryption ecosystem for the protection of sensitive data in databases, file servers, storage, virtual workloads, and applications across virtualized data centers.
SafeNet AT ManageCMK is a reference tool that implements the integration between KeySecure for Government and AWS KMS. The ManageCMK tool is used as the secure conduit to issue commands to KeySecure for Government and AWS KMS related to the management of Customer Master Keys (CMKs). Using this solution, government agencies can leverage the encryption capabilities built into the AWS cloud while using KeySecure for Government to manage and maintain ownership of their encryption keys. AWS Key Management.