Businesses are moving critical workloads to the cloud now more than ever. The business case to operate enterprise services “behind the firewall” is getting smaller and smaller. The global reach, high performance, operational resiliency and seamless migration offered by Amazon Web Services (AWS) and the other cloud providers is no longer too good to be true! It is an everyday fact of life for enterprise operations and business bottom lines.
Today, the cloud is an extension of the enterprise or more practically – the enterprise is now becoming an endpoint of the cloud!
Security: A Priority in the Cloud Era
However, another everyday fact of life for enterprise operations and business bottom lines continues to be security.
As the enterprise security footprint now extends beyond the firewall, the need to control trust and security is more important than ever. The enterprise IT organization no longer has complete control over the attack surface. AWS and the other providers recognized the importance of providing this control to customers, else they knew businesses would not connect their enterprise as an “endpoints” to the cloud if they couldn’t have control of the keys used to protect their data!
Customer experience and business resiliency are fundamental to the bottom line! The AWS external key store (XKS) capability was launched to give customers that “peace of mind” that comes with control – control of the keys used to encrypt the data processed by the business applications and services offered by the AWS cloud!
“External key stores allow you to protect your AWS resources using cryptographic keys outside of AWS. This advanced feature is designed for regulated workloads that you must protect with encryption keys stored in an external key management system that you control. External key stores support the AWS digital sovereignty pledge to give you sovereign control over your data in AWS, including the ability to encrypt with key material that you own and control outside of AWS.”
External key stores - AWS Key Management Service
Thus, cryptographic key management behind the firewall is perhaps more important now than before businesses began connecting to the cloud! And now that vital security principle can continue with Utimaco’s ESKM and AWS XKS.
Key Management Versatility – In the Cloud and still back On-prem
Now, thanks to the integration of Utimaco’s Enterprise Secure Key Manager (ESKM) with AWS XKS, businesses can take advantage of the flexibility and productivity of AWS’s cloud applications and services knowing that they still control their data and the keys protecting it!
Many of our customers come to us to help them navigate their journey to the cloud! Customers using ESKM to store and control keys used to encrypt databases, servers, storage drives and tape libraries can also protect the services consumed from the AWS cloud – from a single pane of glass! Should their business needs change to another cloud provider in the future, ESKM also has that covered as well – a cloud-agnostic platform allows businesses to migrate seamlessly.
How the Integration of Utimaco’s Enterprise Secure Key Manager with AWS XKS Works
Encryption and decryption operations are performed by the ESKM as an external key store. This is often times referred to as hold your own key (HYoK).
ESKM creates, manages and deletes keys and the AWS key management systems (KMS) never sees or manages these keys. ESKM also mediates all communication between a customer’s external key store within the AWS KMS. The easy-to-use ESKM cloud key management interface allows rapid deployment for one or multiple AWS external key stores. It’s simple to add and connect an AWS XKS cloud instance in ESKM with an external keystore in the AWS KMS as well as configure the XKS proxy.
The easy-to-use and design-friendly ESKM experience facilitates the trust between customers and the AWS cloud – the peace of mind that comes with control!
Utimaco’s User Interface
The AWS XKS portal via ESKM user interface
Top Benefits of Utimaco Enterprise Secure Key Manager’s and AWS integration
The integration with our flagship Key Management System provides several key benefits for customers migrating to AWS for their enterprise services, such as:
- Control: Full control and ownership of your keys
- Revoke Access: Revoke access any time to contain access to your data
- Flexibility: Use any encryption algorithm or key management service that suits your needs
- Multi-Cloud: You can encrypt data across different cloud providers for BYOK, HYoK, Google, Salesforce, Azure and others from a single key manager.
- Compliance: Comply with regulations and policies that require data protection and privacy.
- End-to-End Security: for data privacy & business continuity
Why Choose Utimaco’s Enterprise Secure Key Manager for Crypto Key Management?
Utimaco’s Enterprise Secure Key Manager is the single pane of glass, providing central access and management of all crypto keys; independent of their origin, whether for the cloud or on-premises.
ESKM provides full key control throughout their entire lifecycle. It ensures compliance with security policies and regulatory requirements such as GDPR, HIPAA, and PCI DSS, and helps to create reliable audit trails, helping to track who accessed what data at what point of time.
Discover Utimaco’s Key Management solutions and their flexible deployment options, either as hardware, virtual appliance or as a Service offering.
