Streamline Key Management Across Multiple Cloud Services

Gain operational efficiency, compliance, and security by centrally managing multiple cloud provider encryption keys with CipherTrust Cloud Key Manager

CipherTrust Cloud Key Manager

For virtually every organization today, the adoption of multiple cloud services continues to expand—and so does the use of encryption. As the proliferation of encryption continues, so do the number of keys, and the potential risks. With the CipherTrust Cloud Key Manager, your organization can establish strong controls over encryption keys and policies for data encrypted by cloud services.

ciphertrust cloud key manager

ciphertrust cloud key manager

Available as a Software as a Service (SaaS) offering, CipherTrust Cloud Key Manager supports a growing list of infrastructure-, platform- and software as a service (IaaS, PaaS and SaaS) providers. SaaS solutions include Microsoft Office365 and Supported IaaS/PaaS solutions include Microsoft Azure, Microsoft Azure Germany and China National Clouds, Microsoft Azure Stack, and Amazon Web Services.

On-premises or private cloud deployment of CipherTrust Cloud Key Manager is available for customers facing more stringent key management security mandates.

Gain Strong Key Control and Security

Data Encryption solutions from leading public cloud providers such as Microsoft Azure, Amazon Web Services and provide Bring Your Own Key (BYOK) services that enable customers to separate key management from provider-controlled encryption. CipherTrust Cloud Key Manager utilizes BYOK services to deliver key generation, separation of duties, reporting, and key lifecycle management that help fulfill internal and industry data protection mandates, all with FIPS 140-2-certified secure key storage.

Fulfill Best Practices

Separate encryption keys from data encryption and decryption operations for compliance, best security practices and control of your data. Gain operational insights on encryption key usage with dashboards, reports and logs with CipherTrust Cloud Key Manager.

Enjoy Enhanced IT Efficiency

CipherTrust Cloud Key Manager centralizes encryption key management from multiple environments, presenting all supported clouds and even multiple cloud accounts in a single browser tab. Automated key rotation and federated login dramatically simplify key life cycle management.

Strong Encryption Key Security

CipherTrust Cloud Key Manager leverages the security of the Vormetric Data Security Manager or Thales nShield Connect Hardware Security Modules to create keys using advanced random number generation mechanisms and store them with FIPS 140-2 security. Safe cloud backup key storage is provided by a key escrow service for supported clouds. You control full key metadata control during upload and for keys in use.

True Multi-Cloud Support

With support for Amazon Web Services, Microsoft Azure, Microsoft Azure Stack, Microsoft Azure Germany and China national clouds, and, CipherTrust Cloud Key Manager keeps you in control of encrypted data across multiple clouds from a single pane of glass, including across multiple accounts.

Automated Key Rotation

With the click of a button or an API request, keys are marked for automated key rotation on a per-cloud schedule. From then on, CipherTrust Cloud Key Manager performs key rotation automatically with comprehensive logging for IT efficiency and enhanced data security. Key Rotation may be specified for keys without expiration dates, or specifically for keys to be rotated prior to their expiration dates.

Comprehensive Key Management

Deploy CipherTrust Cloud Key Manager with any number of keys already created at your cloud provider. It will synchronize its key database with your provider’s. Key attributes such as expiration rules and usage options are all maintained.

Federated User Access to Key Management

Each cloud service login is authenticated and authorised by the service provider - CipherTrust Cloud Key Manager includes no login data base nor requires AD or LDAP integration. Granular key usage authorization ensures that users see only permitted keys.

The Compliance Tools You Need

CipherTrust Cloud Key Manager has the full range of logs and reports you need for fast compliance reporting, including a per-cloud operational logs and a range of pre-packaged key activity reports.

Implementation Choices that Match Your Needs

CipherTrust Cloud Key Manager is available as a service in the cloud or for on-premises deployment.

  • “As a Service” combines convenience with control required for many data security mandates. Keys are stored with FIPS 140-2 Level 1 security. There is no need to architect, deploy or maintain a high-availability key management solution on-premises.
  • “On Premises” allows highly regulated organizations to store encryption keys on up to FIPS 140-2 Level 3 Common-Criteria-certified security, while leveraging a subscription-based pricing model. Virtual appliance form factors support on-premises private clouds or private instance deployments in AWS or Azure.
Supported Cloud Providers:
CipherTrust Cloud Key Manager Virtual Solutions for Private Cloud
  • Azure Marketplace
  • Amazon AMI
  • .OVF for VMware and compatible virtualization
Key Security:
  • Cloud Service: FIPS 140-2 Level 1
  • On-Premises Service: up to FIPS 140-2 Level 3
Authentication Integration:
  • Microsoft Azure: OAuth Federation
  • Salesforce: OAuth Federation
  • Amazon Web Services: Key and Secret

White Paper : Best Practices for Secure Cloud Migration

Smart, centralized Cloud Key Management is only part of a broad strategy in adopting cloud services. Read this white paper to learn about Cloud Security Alliance Security Guidance v4.0 and specific customer use cases with actionable advice based on Security Guidance v4.0 to help you make real-world decisions for your secure cloud migration.


Solution Brief : CipherTrust Cloud Key Manager

CipherTrust Cloud Key Manager reduces key management complexity and operational costs by giving customers lifecycle control of encryption keys with centralized management and visibility. Read the solution brief for an overview of its features, capabilities and benefits.


Analyst Research : the CipherTrust Cloud Key Manager for Multicloud Data Security

This Enterprise Strategy Group white paper discusses the general need for Key Management as a Service for users of multiple cloud environments, identifying many features of the CipherTrust Cloud Key Manager as critical for data control when used with cloud provider encryption.

Watch our interactive demo Explore
Schedule a live demo Schedule
Get in contact with a specialist Contact us