Entrust has introduced KeyControl as a Service (KCaaS), which gives organizations control over their cryptographic keys while leveraging the benefits of the cloud.

Existing key management solutions may lack advanced capabilities needed to meet evolving compliance and security policy requirements. Additionally, they do not provide comprehensive contextual information about cryptographic assets, making effective management and risk assessment difficult.

Entrust KeyControl’s support for geographically distributed vaults enables highly effective management of keys and secrets while reducing aggregation risks within a cryptographic ecosystem. This approach enables data protection that is consistent with local security policies and contributes to regulatory compliance.

“Traditional key management solutions often fail to track and control keys and secrets throughout their lifecycle. As organizations increasingly rely on cryptography to protect their applications, workloads and data, this can lead to compliance and security issues,” said Bhagwat Swaroop, President, Digital Security Solutions at Entrust.

“When it comes to cloud data security, the ability to create, use and control encryption keys in the cloud is critical. As a result, organizations are increasingly turning to cloud-based as-a-service solutions to meet their cryptographic security needs, either in addition to or as a replacement for traditional on-premises solutions. Entrust KeyControl as a Service is specifically designed to address the challenges of securing data anywhere – including in the cloud – and managing keys and compliance in a heterogeneous and interoperable manner,” added Swaroop.

The new KCaaS solution helps address these challenges by providing a unified dashboard for complete visibility, traceability, compliance tracking, and an immutable audit trail of keys and secrets that can be conveniently managed through a cloud platform. The decentralized vault architecture ensures that keys remain secure at authorized endpoints while supporting a wide range of cryptographic use cases.

Additionally, the platform provides decentralized security with centralized visibility across the enterprise crypto ecosystem. This means that an organization’s crypto assets are not limited to a single, centralized repository.

“Veeam understands how key management systems can improve security and compliance,” said Stefan Renner, technical director of product management, alliances at Veeam, an Entrust partner. “By using key management solutions as a service, such as Entrust KeyControl, in conjunction with Veeam Backup & Replication™ (part of the Veeam Data Platform), we expect organizations to achieve greater flexibility in how they deploy their workloads – enabling better cyber resilience and cyber management.”

Key features and benefits of the KCaaS platform include:

• Key lifecycle management: Automates key storage, backup, distribution, rotation, and revocation, simplifying the management of encrypted workloads.
• Key inventory: Provides a central dashboard for detailed control, compliance and risk tracking, translating complex requirements into actionable insights.
• Decentralized vault architecture: Ensures that keys never leave their assigned vaults except to authorized endpoints, improving security and control.
• Flexible use cases: Supports a wide range of use cases and addresses different needs, such as Key Management Interoperability Protocol (KMIP), cloud key management options such as Bring Your Own Key (BYOK) and Hold Your Own Key (HYOK) deployments, secrets management, session management for privileged accounts, tokenization, and database protection.
• Compliance Management: Continuously track keys and secrets based on compliance standards or best practices.
• Scalability: Seamless scaling to support millions of keys and secrets.
• Risk assessment: Provides continuous risk assessment and tracking for keys and secrets, ensuring proactive management and mitigation of potential security threats.

By combining all the key elements such as transparency, compliance, risk measurement, documentation, processes, data sovereignty, decentralization, integration and third-party support, Entrust KeyControl as a Service can help meet the stringent regulatory challenges that organizations face today.

KeyControl as a Service is FIPS 140-2 Level 1 certified. For organizations requiring a higher level of security, KeyControl as a Service can be seamlessly integrated into a FIPS 140-3 and Common Criteria EAL4+ certified Entrust nShield Hardware Security Module (HSM).

The HSM provides an additional layer of security to protect the keys managed by KeyControl as a service. It is also used in the generation of cryptographic keys and ensures that high-quality entropy from the HSM’s random number generator is used in keys created and managed by KeyControl vaults, regardless of the vault type deployed.