ENCRYPTION KEY MANAGEMENT
MAINTAIN EXCLUSIVE CONTROL OVER YOUR ENCRYPTION KEYS
You don’t share the keys to your car with strangers. And you can’t allow outsiders to have access to the encryption keys that protect your sensitive business data. CipherCloud enables you to encrypt data before it leaves your organization and maintain exclusive control over the keys, with enterprise-class encryption key management capabilities.
CipherCloud Key Management Provides:
- Exclusive control over the encryption process and keys
- Standards-based key management
- Integration with external KMIP-compliant key management tools
- Split keys between multiple custodians
- Key rotation and expiration without affecting legacy data
Key management is fundamental to the value that CipherCloud delivers. Customers always maintain exclusive control over their encryption keys and are never required to share them with third parties. Cloud providers that store data encrypted by CipherCloud have no ability to leak or disclose this data because they never have access to the keys. This type of iron-clad assurance enables the most security-minded organizations to safely store sensitive data in the cloud because the possibility of leaks or forced disclosure by outsiders is eliminated.
STANDARDS-BASED KEY STORAGE
CipherCloud provides enterprise key management capabilities in compliance with NIST SP 800-57 standards. Multiple key storage options allow keys to be stored securely on the CipherCloud platform or separately on a KMIP-compliant key management server. Keys stored within CipherCloud have multiple layers of protection:
- Administrative access to the server is password-protected
- Information about key configuration is kept on the server in an encrypted configuration file, accessible only to administrators
- The encryption keys are locked within a secure key store on the CipherCloud Platform
KEY MANAGEMENT AND ROTATION
Protecting your encryption keys is essential for your business, and CipherCloud provides a range of tools to assure ongoing security. Keys can be split between multiple custodians to reduce internal threats. Keys can also be rotated or expired without affecting access to legacy data.