
Entrust Updates Cloud Key Lifecycle Management as Organizations Migrate to Multi-Cloud Environments





Latest version of KeyControl software adds automated key lifecycle management for Amazon Web Services (AWS), allowing enterprises to maintain full control of their cryptographic keys

MINNEAPOLIS (July 22, 2021) – Entrust, a global leader in trusted identity, payments and data protection, today announced cryptographic key lifecycle management functionality for customer-generated keys used in Amazon Web Services (AWS). This lets organizations automate and extend control of their cryptographic keys across public clouds, with support for BYOK and native AWS keys through an intuitive interface.

“As customers migrate their virtualized workloads to cloud services, they want to maintain control of the encryption keys that protect their critical data,” said Eric Chiu, vice president, data protection solutions at Entrust. “Entrust now gives customers full control over the customer master keys in AWS, and we plan to extend this control across multiple public cloud service providers. KeyControl backs up and automates master keys in the key management system (KMS), to ensure full control of their keys from generation to retirement. As customers sail in the uncharted waters of multi-cloud deployments, they can benefit from the agility of running their workloads in AWS, while keeping one hand on the tiller – ensuring control over where their IT assets are headed.”

Customers who bring their own cryptographic keys to AWS can leverage Entrust KeyControl software, formerly HyTrust KeyControl, to securely generate and manage keys throughout their lifecycle, underpinned by a FIPS 140-2 root of trust. The KeyControl Key Management Server (KMS) facilitates fine-grained control over key access, while the unified management interface provides a consistent user experience for keys hosted in the KMS. The newest version of KeyControl provides management for keys generated by KeyControl as well as keys generated natively in AWS.

KeyControl also integrates with Entrust nShield® hardware security modules (HSMs) either on premises or as a service. This allows customers to deliver added assurance and trust for cloud migrations by offering a FIPS 140-2 Level 3 validated source for key generation.

Designed for ease of deployment, enterprise scalability, automation and performance, KeyControl manages the encryption keys for all virtual machines and encrypted data stores, and can scale to support thousands of encrypted workloads in large deployments.

“The KeyControl unified management interface lets customers bring their own keys to AWS, and then manage those keys throughout their lifecycle,” said Tushar Tambay, vice president, product development at Entrust. “As customers migrate their virtualized workloads to the cloud, KeyControl ensures they can do so with confidence, allowing key rotation schedules to be fully automated on a cadence aligned with their own security policies.”

Additional Information
Product page: Entrust KeyControl
Blog: Navigating your way in the cloud

About Entrust Corporation
Entrust keeps the world moving safely by enabling trusted identities, payments and data protection. Today more than ever, people demand seamless, secure experiences, whether they’re crossing borders, making a purchase, accessing e-government services or logging into corporate networks. Entrust offers an unmatched breadth of digital security and credential issuance solutions at the very heart of all these interactions. With more than 2,500 colleagues, a network of global partners, and customers in over 150 countries, it’s no wonder the world’s most entrusted organizations trust us. For more information, visit