Entrust announced cryptographic key lifecycle management functionality for
customer-generated keys used in Amazon Web Services (AWS).
This enables organizations to automate and extend control of their
cryptographic keys across public clouds, with support for BYOK and
native AWS keys through an intuitive interface.
"As customers migrate their virtualized workloads to cloud services, they
want to maintain control of the encryption keys that protect their
critical data," said Eric Chiu, vice president, data protection
solutions at Entrust. "Entrust now gives customers full control over the
customer master keys in AWS, and we plan to extend this control across
multiple public cloud service providers. KeyControl backs up and
automates master keys in the key management system (KMS), to ensure full
control of their keys from generation to retirement. As customers sail
in the uncharted waters of multi-cloud deployments, they can benefit
from the agility of running their workloads in AWS, while keeping one
hand on the tiller - ensuring control over where their IT assets are
headed."
Customers who bring their own cryptographic keys to AWS can leverage Entrust
KeyControl software, formerly HyTrust KeyControl, to securely generate
and manage keys throughout their lifecycle, underpinned by a FIPS 140-2
root of trust. The KeyControl Key Management Server (KMS) facilitates
fine-grained control over key access, while the unified management
interface provides a consistent user experience for keys hosted in the
KMS. The newest version of KeyControl provides management for keys
generated by KeyControl as well as keys generated natively in AWS.
KeyControl also integrates with Entrust nShield® hardware security modules (HSMs)
either on premises or as a service. This allows customers to deliver
added assurance and trust for cloud migrations by offering a FIPS 140-2
Level 3 validated source for key generation.
Designed for ease of deployment, enterprise scalability, automation and
performance, KeyControl manages the encryption keys for all virtual
machines and encrypted data stores, and can scale to support thousands
of encrypted workloads in large deployments.
"The KeyControl unified management interface lets customers bring their own
keys to AWS, and then manage those keys throughout their lifecycle," said
Tushar Tambay, vice president, product development at Entrust. "As
customers migrate their virtualized workloads to the cloud, KeyControl
ensures they can do so with confidence, allowing key rotation schedules
to be fully automated on a cadence aligned with their own security
policies."