Entrust launches KCaaS, enhancing cloud-based key management

Entrust has announced the launch of KeyControl as a Service (KCaaS), a cloud-based solution designed to give organisations control over their cryptographic keys while utilising the advantages of the cloud. The service aims to address gaps in existing key management solutions which often lack advanced features necessary for modern compliance mandates and security policies.

Existing key management options frequently fall short in offering comprehensive contextual information about cryptographic assets, making effective management and risk assessment challenging. Entrust President of Digital Security, Bhagwat Swaroop, highlighted the significance of the new platform. "As enterprises increasingly rely on cryptography to safeguard their applications, workloads, and data, this can lead to compliance and security challenges,” he said. “When it comes to cloud data security, the ability to create, use, and control encryption keys in the cloud is vital."

Swaroop added that organisations are turning to cloud-based, as-a-service solutions, either to supplement or replace traditional on-premises key management systems. "Entrust KeyControl as a Service is designed specifically to help address the challenges of securing data everywhere—including in the cloud—and managing the keys and compliance in a heterogeneous and interoperable way," he noted.

The KCaaS platform offers a unified dashboard that provides complete visibility, traceability, and compliance tracking for keys and secrets. This dashboard is supplemented by an immutable audit trail that can be accessed via the cloud. The solution employs a decentralized vault architecture, ensuring keys remain secure within authorised endpoints. This approach supports a diverse range of cryptographic use cases while offering centralized visibility across an enterprise's cryptographic ecosystem.

Stefan Renner, Technical Director of Product Management, Alliances at Veeam, also spoke on the integration of key management systems in enhancing security and compliance. "By running key management solutions as a service, such as Entrust KeyControl, in conjunction with Veeam Backup & Replication (part of the Veeam Data Platform), we anticipate enterprises will leverage more flexibility in the deployment of their workloads—enabling greater cyber resiliency and management," Renner said.

KCaaS is designed to assist enterprises in various aspects of key management, including lifecycle management, inventory, and compliance. Key Lifecycle Management automates several processes, such as storage, backup, distribution, rotation, and revocation of keys. The Key Inventory feature offers a centralised dashboard for controlling, compliance tracking, and risk assessment, converting complex requirements into actionable insights.

The platform's decentralized vault architecture ensures that keys only leave their designated vaults when accessed by authorised endpoints, enhancing overall security. It also supports different use cases, from Key Management Interoperability Protocol (KMIP) to secrets management, tokenization, and database protection. Compliance Management within the platform provides continuous tracking of keys and secrets against accepted standards or best practices. Furthermore, its scalability allows it to support millions of keys and secrets.

Entrust emphasizes the importance of continuous risk assessment and management with Risk Scoring, a feature designed to ensure proactive security threat mitigation. By combining visibility, compliance, risk measurement, documentation, processes, data sovereignty, decentralization, and third-party support, KCaaS aims to assist enterprises in meeting stringent regulatory challenges.

The platform is certified to FIPS 140-2 Level 1, and organisations requiring higher levels of assurance can integrate KCaaS with Entrust’s FIPS 140-3 and Common Criteria EAL4+ certified nShield Hardware Security Module (HSM). The HSM provides an extra layer of protection for keys managed by KCaaS and plays a role in the cryptographic key generation process, ensuring high-quality entropy from the random number generator.