CENTRALIZED ENCRYPTION KEY MANAGEMENT SERVER (KMS)
Why Townsend Security Alliance Key Manager
Improve Security with Enterprise Key Management
Once data is encrypted, your private information depends on enterprise-level key management to keep that data safe. The solution provides high availability, standards-based enterprise encryption key management to a wide range of applications and databases.
Compliant. Comprehensive. Cost Effective
Alliance Key Manager is a FIPS 140-2 compliant enterprise key manager that helps organizations meet compliance requirements and protect private information. The symmetric encryption key management solution creates, manages, and distributes 128-bit, 192-bit, and 256-bit AES keys for any application or database running on any Enterprise operating system. At no extra charge, deploy Townsend Security’s ready-to-use security applications for MongoDB, Microsoft SQL Server Transparent Data Encryption (TDE) and Cell Level Encryption (CLE), Microsoft SharePoint encryption, and other applications. There are never extra fees based on the number of nodes or databases, or for deploying client-side applications.
Meet PCI DSS Encryption Key Management Requirements
For VMware users who need to meet compliance, Alliance Key Manager has been validated for PCI DSS in VMware by Coalfire, a PCI-qualified QSA assessor and independent IT and audit firm. Enterprises across all industry verticals, regardless of where they deploy VMware, are subject to PCI DSS compliance if they process electronic payments.
Key Access Control Addresses PCI-DSS Requirements
Encryption keys can be restricted based on several criteria. The most permissive level requires a secure and authenticated TLS session to the key server. Individual encryption keys can be restricted to users, groups, or specific users in groups. Enterprise-wide groups can be defined and keys can be restricted to Enterprise users, groups, or specific users in groups.
Encryption and key management can help meet privacy requirements of the EU General Data Protection Regulation (GDPR), as well as the right of erasure (right to be forgotten).
Key Management Interoperability Protocol (KMIP) Support
Meeting the OASIS KMIP standard enables interoperable communication between cryptographic environments and encryption key managers – which reduces the operational, training, and infrastructure costs for businesses. Applications and databases that support KMIP can deploy Alliance Key Manager to easily begin protecting encryption keys.
The solution works with all major business platforms (IBM Power Systems i, IBM System z, Windows, and Linux), leading encryption applications, and legacy devices. Alliance Key Manager is trusted by over 3,000 customers worldwide to protect intellectual property (IP), personally identifiable information (PII), and protected health information (PHI).
Sample Client Binary and Source Applications
Binary key retrieval and encryption libraries are provided for all major operating systems to enable rapid deployment of encryption key retrieval or on-device encryption applications. Sample source code is also provided for Java, .NET (C#), C, RPG, and COBOL applications.
Dependable, Reliable and Secure
Alliance Key Manager mirrors keys between multiple key management appliances over a secure and mutually authenticated TLS connection for hot backup and disaster recovery support. Organizations can choose to mirror key managers on-premises, in the cloud, or a hybrid of the two.
Complete Audit Trail
Built-in logging allows administrators to track all key retrieval, key management, and system activity. Reports can be sent automatically to central log management, alerting facilities, or SIEM products for a timely and permanent record of activity.
Key Change and Rotation
Automatically or manually rotate encryption keys. Security administrators can define the frequency of key rotation based on internal security policies. When a key change occurs, the new version is created and the old version is moved to a historical database, where it remains available for cryptographic operations.
GUI System Administration
Alliance Key Manager provides a Java GUI application to create and manage encryption keys and access policies. All access to security administration is authenticated using TLS client and server authentication. A system option allows requiring multiple security administrator logins to meet compliance regulations for Dual Control.
On-device Encryption and Decryption Services
For applications that require the highest level of security, you can use the on-board NIST-compliant encryption and decryption services. With on-board encryption services, the encryption key never leaves the key server device. Small chunks of data, such as credit card numbers, Social Security numbers, and e-mail addresses, are prime candidates for on-board encryption.
Key Management for Your Platform
Customers can deploy Alliance Key Manager in VMware, or in the cloud (AWS, Azure, IBM Cloud). Regardless of the platform, Alliance Key Manager runs the same FIPS 140-2 compliant software, allowing organizations to meet compliance requirements (PCI DSS, HIPAA, GDPR, etc.) and security best practices.
ISV Integration Features
ISV and OEM customers can rapidly deploy embedded key management solutions using Alliance Key Manager’s binary APIs. Encryption keys include user-defined fields for encryption key cross-reference requirements. Townsend Security works with ISVs and OEMs for branded and independently NIST validated solutions.
Alliance Key Manager is built for OEM integration.