Featured Article from Cloud Security

Thales AWS Key Management Service Support Gives Organizations More Security Control

August 16, 2016

The migration to the cloud is in full swing, and as more organizations make the switch, one prevailing issue still dominates the conversation: security. The digital threat that currently exists with on-premises systems has since its inception been an obstacle to even more robust cloud adoption. It is the reason why service providers are beefing up security measures to protect customers and their digital assets. As the largest cloud service provider in the world, Amazon Web Services (AWS) has its eyes squarely on assuring security, a case in point being the company’s key management service, AWS KMS. This service is designed to simplify the way users create and control the encryption keys used to encrypt their data. And, given the growth of and need for encryption, making it easy to use is a critical driver for it actually being used.

Thales, a leading provider of critical information systems, cyber security and data protection, is going to support AWS KMS with improved security and greater control through bring your own key (BYOK) with hardware key protection.

AWS KMS is integrated with many AWS services, including AWS CloudTrail, to encrypt data with encryption keys, so users can manage access to their information and use key usage logs to address their auditing, security and regulatory compliance needs.

Jon Geater, Chief Technology Officer at Thales e-Security, said, "Local control over the generation and storage of keys can help organizations meet the security and compliance requirements needed in order to run their most sensitive workloads in the cloud."

Thales is going to use its hardware security modules (HSMs) and key management to give organizations an added level of control over the lifecycles of the keys they use in the cloud, so they can terminate or retire keys as needed. With this feature, businesses will be able to control critical business operations on premises, while deploying applications in the cloud.

The Thales HSM is a hardened, tamper-resistant environment for secure cryptographic processing, key protection, and key management. This platform maintains high levels of operational efficiency while helping organizations meet established and emerging standards of due care for cryptographic systems and practices in high-assurance security solutions. It can be integrated with almost any cryptography system, including AWS KMS.

keyAuthority from Thales, on the other hand, automates key lifecycle policies from the time a key is created until it is destroyed, across all of the assets of an organization, even if they span many locations around the world. This capability not only ensures the most current keys are available at any given time, but it also eliminates the complexities and inconsistencies of manual operations.

It goes without saying that delaying the destruction of any key can result in a major security breach that can cost an organization huge losses. Removing the manual operations from the process gets rid of the errors that manual execution of a task is prone to.

Geater added, "As organizations focus on moving their more sensitive data and applications to the cloud, sound encryption key management has become a more important consideration. The ability to manage cryptographic keys in-house and release them to cloud providers only on a 'need to use basis' is becoming an increasingly powerful tool and one that Thales has the proven experience and expertise to deliver."

Whether the organization is a large enterprise or a small business, AWS KMS will now be able to give administrators even more control over encryption keys with Thales' hardware security modules (HSMs) and keyAuthority as they migrate to the cloud.




Edited by Peter Bernstein
