Data Encryption solutions from leading public cloud providers such as Microsoft Azure, Amazon Web Services and Salesforce.com provide Bring Your Own Key (BYOK) services that enable customers to separate key management from provider-controlled encryption. CipherTrust Cloud Key Manager utilizes BYOK services to deliver key generation, separation of duties, reporting, and key lifecycle management that help fulfill internal and industry data protection mandates, all with FIPS 140-2-certified secure key storage.

Separate encryption keys from data encryption and decryption operations for compliance, best security practices and control of your data. Gain operational insights on encryption key usage with dashboards, reports and logs with CipherTrust Cloud Key Manager.

CipherTrust Cloud Key Manager centralizes encryption key management from multiple environments, presenting all supported clouds and even multiple cloud accounts in a single browser tab. Automated key rotation and federated login dramatically simplify key life cycle management.

CipherTrust Cloud Key Manager leverages the security of the Vormetric Data Security Manager to create keys and store them with FIPS 140-2 security. Safe cloud backup key storage is provided by a key escrow service for supported clouds. You control full key metadata control during upload and for keys in use.

With support for Amazon Web Services, Microsoft Azure, Microsoft Azure Stack, Microsoft Azure Germany and China national clouds, Salesforce.com and Salesforce Sandbox, CipherTrust Cloud Key Manager keeps you in control of encrypted data across multiple clouds from a single pane of glass, including across multiple accounts.

With the click of a button or an API request, keys are marked for automated key rotation on a per-cloud schedule. From then on, CipherTrust Cloud Key Manager performs key rotation automatically with comprehensive logging for IT efficiency and enhanced data security. Key Rotation may be specified for keys without expiration dates, or specifically for keys to be rotated prior to their expiration dates.

Deploy CipherTrust Cloud Key Manager with any number of keys already created at your cloud provider. It will synchronize its key database with your provider’s. Key attributes such as expiration rules and usage options are all maintained.

Each cloud service login is authenticated and authorised by the service provider - CipherTrust Cloud Key Manager includes no login data base nor requires AD or LDAP integration. Granular key usage authorization ensures that users see only permitted keys.

CipherTrust Cloud Key Manager has the full range of logs and reports you need for fast compliance reporting, including a per-cloud operational logs and a range of pre-packaged key activity reports.

CipherTrust Cloud Key Manager offers several convenient implementation choices to meet your security and deployment needs:

• All-software is available with FIPS 140-2 Level 1-certified security. Both the CipherTrust Cloud Key Manager Virtual Appliance and virtual Data Security Manager can be instantiated in Amazon Web Services and Microsoft Azure, or deployed in any private cloud leveraging VMware.
• Customer that require FIPS 140-2 Level 3 or 2 can deploy or utilize existing Vormetric Data Security Manager appliances or supported HSMs in on-premises or hosted data centers.

• Microsoft Azure, Microsoft Azure Stack, and Azure Germany and China National Clouds, Microsoft Office 365
  • Prerequisite: Microsoft Azure Key Vault
• Amazon Web Services
  • Prerequisite: Key Management Services
• Salesforce.com
  • Prerequisite: Salesforce Shield Platform Encryption

• Azure Marketplace
• Amazon AMI
• .OVF for VMware and compatible virtualization

• Virtual Data Security Manager: FIPS 140-2 Level 1
• Vormetric Data Security Manager model 6000: FIPS 140-2 Level 2
• Vormetric Data Security Manager model 6100: FIPS 140-2 Level 3
• Supported HSMs

• Microsoft Azure: OAuth Federation
• Salesforce: OAuth Federation
• Amazon Web Services: Key and Secret