Imagine sailing the Pacific Ocean for the first time. It’s a voyage that could be perilous, with no guarantees of smooth weather and steady winds. So you do everything you can to prepare – gaining the experience of others, adding the latest navigation equipment, plotting the safest course, making sure the ship is – well – shipshape. In other words, taking control of every aspect of the journey that you can.
Moving your business to the cloud can feel like sailing into uncharted waters when you talk about security. But you can learn from the experience of people who have been there before, and make sure your organization has the tools you need to take control of your cloud journey.
Entrust keeps advancing these tools. We have just added important new features to Entrust KeyControl software, formerly HyTrust KeyControl. Designed for enterprise scalability and performance, KeyControl software manages the encryption keys for your virtual machines and encrypted data stores, and can scale to support thousands of encrypted workloads in large deployments.
Typically, these workloads are Key Management Interoperability Protocol (KMIP) compliant. KMIP orchestrates cryptographic keys at scale to ensure that they are created and delivered securely to a myriad of virtualized workloads. The latest feature in KeyControl allows you to create cryptographic keys and import them into Amazon Web Services (AWS). So that means that, as you use virtualized workloads in AWS, you provide your own keys. What is nice about that is that you are in control, a bit like being at the wheel of a yacht and feeling in control of your journey.
It’s clear this desire for control is gaining traction. Our recent Entrust annual Global Encryption Trends Study found that while 17% of organizations currently own Hardware Security Modules (HSMs) to generate and manage BYOK (Bring Your Own Key) to send to the cloud for use by the cloud provider. In the next 12 months, 24% plan to use HSMs in this way.
Calling it bring your own key (BYOK) under-represents the true capabilities of KeyControl. In addition to being able to generate your own keys using a FIPS 140-2 Level 3 and Common Criteria EAL4+ root of trust, KeyControl provides a full key management server for keys through their entire lifecycle. It also offers unified key management via a single pane of glass graphical user interface. This makes it easy to monitor both the keys you generate, and those created natively in AWS. And of course, those keys are backed up (and recoverable) in KeyControl, keeping you in command while giving you granular key lifecycle management for expiry actions such as disable, delete, and rotation when it’s time to replace a key.
Tacking around to my sailing analogy, we can’t all be at the wheel, but with Entrust KeyControl utilizing your own key generation capability for AWS, you can certainly be in control of your critical cryptographic keys and your migration into the modern multi-cloud environment. Hoist the mainsail!
Find out more about the newest version of Entrust KeyControl here.