Gain operational efficiency, compliance, and security by centrally managing multiple cloud provider encryption keys with CipherTrust Cloud Key Manager

For virtually every organization today, the adoption of multiple cloud services continues to expand, and so does the use of encryption. As the proliferation of encryption continues, so does the number of keys, along with the potential risks. With the CipherTrust Cloud Key Manager, your agency can establish strong controls over encryption keys and policies for data encrypted by cloud services.

CipherTrust Cloud Key Manager from Thales CPL is available for sale to the U.S. Federal Government exclusively through Thales TCT.

CipherTrust Cloud Key Manager supports a growing list of infrastructure-, platform- and software-as-a-service (IaaS, PaaS and SaaS) providers. SaaS solutions include Microsoft Office365 and Salesforce Sandbox. Supported IaaS/PaaS solutions include Microsoft Azure, Microsoft Azure Stack, and Amazon Web Services.

  • Benefits

    Enjoy Enhanced IT Efficiency

    CipherTrust Cloud Key Manager centralizes encryption key management from multiple environments, presenting all supported clouds and even multiple cloud accounts in a single browser tab. Advanced cloud key management capabilities include automated key rotation, key expiration handling, and cloud key vault synchronization. These dramatically reduce the time required for cloud key life cycle management. CipherTrust Cloud Key Manager goes well beyond support for BYOK with full key lifecycle management of native cloud keys as well as keys generated by its key sources.

    Gain Strong Key Control and Security

    Bring Your Own Key (BYOK) services enable customers to separate key management from provider-controlled encryption, offering a crucial layer of separation of duties and control. CipherTrust Cloud Key Manager delivers key generation, separation of duties, reporting, and key lifecycle management that help fulfill internal and industry data protection mandates, with optional FIPS 140-2-certified secure key sources.

    Fulfill Best Practices

    Separate encryption key control from data encryption and decryption operations for compliance, best security practices and control of your data. Gain operational insights on encryption key usage with dashboards, reports and logs provided by CipherTrust Cloud Key Manager.

    Meet Organizational Needs with Flexible Deployment Options

    CipherTrust Cloud Key Manager is available in multiple form factors to meet any organization’s needs. Both CipherTrust Cloud Key Manager and its key sources are available in all-software, cloud-friendly offerings and may be found in several cloud provider marketplaces for fast instantiation. Further, deployment in any cloud is wholly separated from cloud provider access, and keys can be managed in the cloud in which the solution is deployed as well as in any other reachable, supported cloud. For example:

    • A key source may be on-premises for compliance
    • A CipherTrust Cloud Key Manager instance may be deployed in Amazon Web Services or any other cloud supported for deployment
    • From there it can manage keys in AWS, Salesforce or Azure or other supported clouds

    Many similar combinations are possible!

    Inherently Automation-Friendly

    In addition to its internal automation features, which themselves provide crucial IT efficiency gains, operations for both CipherTrust Cloud Key Manager and its key sources may be fully implemented through RESTful APIs.

  • Features

    Key Life Cycle Automation

    With the click of a button or an API request, keys are marked for automated key rotation. From then on, CipherTrust Cloud Key Manager performs key rotation automatically with comprehensive logging for IT efficiency and enhanced data security. Key rotation may be specified for keys without expiration dates, or specifically for keys to be rotated prior to their expiration dates. Multiple schedules per cloud are available.

    Strong Encryption Key Security

    CipherTrust Cloud Key Manager leverages the security of CipherTrust Manager, Thales Luna Network HSM or the Vormetric Data Security Manager to create keys. Secure storage is provided for clouds that deliver backup keys, which can mitigate accidental key deletion in cloud consoles. You have full key metadata control during upload and for keys in use.

    True Multi-Cloud Support

    With support for Amazon Web Services and AWS GovCloud, Microsoft Azure, Azure Stack, Azure GovCloud, IBM Cloud, Google Cloud Platform and Google Workspace Client-side encryption, Salesforce Sandbox and Salesforce GovCloud Plus

    Comprehensive Key Management

    Deploy CipherTrust Cloud Key Manager with any number of keys already created at the cloud provider. Create cloud-native keys in the cloud console as needed. CipherTrust Cloud Key Manager will automatically synchronize, at intervals you can define, its key database with the provider’s. Key attributes such as expiration rules and usage options are all maintained. You can request creation of cloud-native keys, as well as upload BYOK-keys, from the CipherTrust Cloud Key Manager console. If cloud provider rotation rules for native keys are insufficient, you can rotate keys under the control of CipherTrust Cloud Key Manager.

    CipherTrust Cloud Key Manager goes well beyond Cloud Bring Your Own Key: It is a comprehensive cloud key life cycle manager.

    The Compliance Tools You Need

    CipherTrust Cloud Key Manager has the full range of logs and reports you need for fast compliance reporting, including per-cloud operational logs and a range of pre-packaged key activity reports.

    Support for Emerging Technologies

    With support for cached keys, CipherTrust Cloud Key Manager adds Hold Your Own Key technology to BYOK. As a component of its RESTful APIs for the next level of automation, the product includes support for Azure Service Principal and AWS Assumed Role authentication mechanisms.

  • Resources

    CipherTrust Cloud Key Manager Product Brief
    Product overview with technical features and specifications.

    The Case for Centralized Multicloud Encryption Key Management – White Paper

    Cloud Security Alliance's Cloud Controls Matrix states in section EKM-04 that "Keys shall not be stored in the cloud (i.e., at the cloud provider in question), but maintained by the cloud consumer or trusted key management provider. Key management and key usage shall be separated duties." Download this white paper to learn how to secure and manage your encryption keys in a multicloud environment.
