Secure Channels HSM

Secure Channels HSM

Compliant hardware with redundancy and high-availability built in

FIPS Compliant Hardware Security Module deployable to any private infrastructure, with advanced tools and extensibility into existing security deployments.

Cloud Key Manager

Cloud based Key Generation and Management system for Amazon, Azure, or a Cloud vendor of your choosing which enables a light, scalable, and extensible Key Management solutions outside of your data center.

Virtual Private Key Management

FIPS Compliant KenGen for any Hypervisor – VMware, Hyper-v and Xen server.

Enterprise Key Manager

Enterprise Key Manager

Securely and efficiently maintain the relationship between encryption keys and the people, machines, or applications they belong to.

The solution provides high availability, standards-based enterprise encryption key management to a wide range of applications and databases.

Enterprise Key Management Solutions

Proper use of encryption tools is one of the best, and sometimes the only way to prevent breaches or failures that lead to breaches.

Enterprise organizations have significant capital investments in their network and data infrastructure. The IT organization is responsible for maintaining the IT operations, avoiding downtime or failures, and securing the value IP stored within them. Loss of productivity and revenue can be substantial if systems become disabled or data is breached.

In order to make encryption useful and easy to use it needs to integrate with the rest of the Enterprise’s IT infrastructure.

Use Cases

Importance of Key Management

Every enterprise has one (or more) Identity Management systems which can identify people, machines and applications which make up the information systems of the company.

There are always data sets that need encrypting – but it needs to be encrypted ‘for’ someone and decrypted ‘by’ someone.

Even encrypted backups must be able to be decrypted in order to make use them.

Secure Channels’ Enterprise Key Management solutions help solve these problems by maintaining the relationship between encryption keys and the people, machines, or applications they belong to.

Unlike other solutions that only address a single area or technology, Secure Channels’ Enterprise Key Manager can support varying Levels of assurance for authentication, or expanding the usefulness of a Public Key Infrastructure, or integrating with a SAML IDentity Provider. The Write-Only Escrow function of the Key Manager employs a public-key pair, and only the encryption key is kept on the Key Manager. Once configured, the decryption key is given to an authorized keyholder, and does not exist anywhere else making it impossible to extract any of the escrowed information without it.

Even if it were possible for a hacker to completely compromise the Key Manager, it would *still* be impossible for the hacker to get the escrowed information. The keys and functionality are only available outside the box using the defined interfaces and protocols. The protocols are all mature and have all been fully vetted by the security community.

Internally, nothing is stored on-disk except in encrypted form, so they  can be safely backed-up, on or off-site, with no additional precautions. Defensive programming techniques are used to erase keys from RAM once they are used, and the keys for the databases are kept in an HSM outside of RAM. Even if a hacker were able to get a memory image of the Key Manager while it was operating no global compromise of the Key Manager would have occurred. Since the Key Manager has custody of “the keys to the kingdom” multiple layers of defense are used to prevent any external breach of your most important secrets.

Technical Details

Enterprise Key Manager Specifications and Support

Hardware Security Module (HSM)
Secure Channels Enterprise Key Manager is provided on a reliable appliance platform with RAID storage protection, dual power supplies, and flexible hardware support options.

Secure Channels Enterprise Key Manager is available as a VMware virtual appliance. Using exactly the same software as the Hardware Security Module (HSM) with FIPS-140-2 compliance, the VMware instance can be deployed in your IT Data Center or in a cloud environment that supports the vCloud architecture. Secure Channels Key Manager in VMware can help you meet PCI Data Security Standards for encryption
key management when deployed according to the PCI virtualization guidelines. The VMware ESX, vSphere (ESXi), and vCloud platforms are supported by this option.

Amazon Web Services
Deployed as an AMI in Amazon Web Services, Secure Channels Enterprise Key Manager for AWS relies on the same FIPS 140-2 compliant technology as the company’s flagship Secure Channels Key Manager HSM that is in use by over 3,000 customers worldwide. When Secure Channels Key Manager for AWS is launched for the first time, it will automatically generate a certificate authority, client-side credentials, and create encryption keys that you can immediately use with SQL Server, SharePoint, MySQL, and other applications you run in AWS.

Microsoft Azure
The same FIPS 140-2 validated key management solution available in Secure Channels’ hardware security module (HSM) can also run as a virtual machine in Microsoft Azure. You can easily deploy the best encryption key management solution for your cloud applications directly in Microsoft Azure and leverage all of the management options provided by Microsoft.

NIST FIPS-140-2 Level 1
NIST AES Validation NIST SHA Validation
NIST compliant RNG (x9.31) NIST HMAC Validation

A one-year warranty is included with the server

Customers can elect to have the servers delivered, installed, and configured via a comprehensive installation program.