Entrust announced cryptographic key lifecycle management functionality for customer-generated keys used in Amazon Web Services (AWS). This enables organizations to automate and extend control of their cryptographic keys across public clouds, enabling support for BYOK and native AWS keys through an intuitive interface.

"As customers migrate their virtualized workloads to cloud services, they want to maintain control of the encryption keys that protect their critical data," said Eric Chiu, vice president, data protection solutions at Entrust. "Entrust now gives customers full control over the customer master keys in AWS, and we plan to extend this control across multiple public cloud service providers. KeyControl backs up and automates master keys in the key management system (KMS), to ensure full control of their keys from generation to retirement. As customers sail in the uncharted waters of multi-cloud deployments, they can benefit from the agility of running their workloads in AWS, while keeping one hand on the tiller - ensuring control over where their IT assets are headed."

Customers who bring their own cryptographic keys to AWS can leverage Entrust KeyControl software, formerly HyTrust KeyControl, to securely generate and manage keys throughout their lifecycle, underpinned by a FIPS 140-2 root of trust. The KeyControl Key Management Server (KMS) facilitates fine-grained control over key access, while the unified management interface provides a consistent user experience for keys hosted in the KMS. The newest version of KeyControl provides management for keys generated by KeyControl as well as keys generated natively in AWS.

KeyControl also integrates with Entrust nShield® hardware security modules (HSMs) either on premises or as a service. This allows customers to deliver added assurance and trust for cloud migrations by offering a FIPS 140-2 Level 3 validated source for key generation.

Designed for ease of deployment, enterprise scalability, automation and performance, KeyControl manages the encryption keys for all virtual machines and encrypted data stores, and can scale to support thousands of encrypted workloads in large deployments.

"The KeyControl unified management interface lets customers bring their own keys to AWS, and then manage those keys throughout their lifecycle" said Tushar Tambay, vice president, product development at Entrust. "As customers migrate their virtualized workloads to the cloud, KeyControl ensures they can do so with confidence, allowing key rotation schedules to be fully automated on a cadence aligned with their own security policies."