Entrust KeyControl is redefining cryptographic key and secrets management.
Traditional key management systems haven’t adapted to the realities and risks organizations with multi-cloud strategies face. Basic access controls, sparse metadata, and storage in one-size-fits-all key vaults should no longer be considered key management.
You are not effectively managing your keys and secrets if you are not in control and aware of who creates and uses them. Knowing where your keys are stored can be an essential component for compliance with corporate security policies and/or regulations that differ by location and use case.
Modern key management for a complex multi-cloud world
Entrust KeyControl is setting a new standard for key and secrets management by combining traditional key lifecycle management and a decentralized vault-based architecture with a comprehensive central policy and compliance management dashboard – the KeyControl Compliance Manager. The platform offers decentralized security with centralized visibility across the enterprise’s cryptographic assets.
The powerful combination can help ensure data is protected in compliance with stringent regulatory requirements and keys and secrets can be geolocated and managed to respect data sovereignty mandates.
KeyControl Compliance Manager: Data protection is in the details
The KeyControl Compliance Manager provides a powerful compliance dashboard with granular policy management and control of cryptographic keys and secrets across your enterprise. The unified dashboard allows you to view and monitor your organization’s cryptographic assets in vaults configured locally or geographically distributed.
Controlling your keys means managing your risks
The integrated policy engine in the KeyControl Compliance Manager provides fine-grained control of your cryptographic assets and full visibility, traceability, compliance tracking, and an immutable audit trail of all keys and secrets.
This can help make it possible for your organization to stay aware and in compliance with countless complex laws and regulations around the world that govern data privacy, security, and sovereignty.
The level of policy control lets you right-size your policies in ways you won’t find with traditional key management systems, such as setting up different policies for test keys over production or high-value keys, or requiring thorough metadata and documentation for each key that’s created.
KeyControl Vaults: Your Keys in the right place to help your company be in compliance.
Many traditional monolithic key management solutions offer only a single, centralized repository for storing keys – which for some use cases can be like putting all your eggs in one basket.
The KeyControl platform offers a new distributed vault architecture supporting the creation of fully isolated vaults that can help your organization meet your compliance obligations related to geographical data residency and data sovereignty mandates for cryptographic assets, while reducing attack surfaces and providing flexible arrangements for disaster recovery (DR) and contingency planning.
KeyControl Vaults for Your Use Cases
Lifecycle management for Key Management Interoperability Protocol (KMIP) workloads utilizing cryptographic keys, including virtualization platforms, backup and recovery, database, and storage.
High assurance FIPS 140-2 Level 3 root of trust and key lifecycle management for SQL databases using Transparent Data Encryption (TDE).
Control and Bring Your Own Keys (BYOK) while leveraging the benefits of the cloud. Ensure the strong provenance of keys and manage key lifecycles, automation, and key backups independent of the cloud provider.
Generate and Hold Your Own Keys (HYOK) throughout their lifecycle (on-premises or in a private cloud), while allowing your cloud service provider (CSP) to use the keys on your behalf.
Control Secure Shell (SSH) access and usage of administrative accounts while proactively enforcing security policies and recording privileged user activity in any environment.
Address a wide range of data protection use cases by providing data encryption, data tokenization with format-preserving encryption (FPE), data masking, and key management.
“In the face of persistent threats of cyberattacks, organizations demand cyber resilience for their data,” said Joseph Razavian, head of Security Alliances, Cohesity. “By running Entrust KeyControl 10 in conjunction with the Cohesity Data Cloud, enterprises not only gain automated and simplified encryption key management but can also better secure, manage and unlock value from their data no matter where their data is for comprehensive cyber threat protection."