Cryptomathic Launches Cloud-Based ‘Bring Your Own Key’ Encryption Key Management Service for Users of Amazon Web Services

by Cryptomathic on 27 October 2022

As a leading encryption key management specialist, Cryptomathic is proud to announce the launch of the Cryptomathic AWS BYOK Service, a cloud-based service that enables security-conscious users of Amazon Web Services globally to harness enterprise-class Bring Your Own Key (BYOK) encryption key management capabilities on demand.

BYOK encryption management offers enterprises the opportunity to forego the influence of the cloud provider’s default-generated encryption keys, by adding their own, thereby increasing security and control while simultaneously simplifying compliance audits. In response to the growing demand for BYOK among organizations that lack the technical resources to take advantage of BYOK encryption in the AWS public cloud, Cryptomathic has created a truly self-service SaaS solution, backed by HSMs (hardware security modules).

Matt Landrock, CEO, Cryptomathic Inc. comments: “All companies should have the opportunity to access best-in-class cloud security. Yet, until now, advanced encryption key management approaches like Bring Your Own Key have only been available to organizations that have the technical knowledge and resources needed to maintain hosting and managing their own HSMs. Today, Cryptomathic is changing that. The Cryptomathic AWS BYOK Service brings enterprise-class encryption key management to companies of all shapes and sizes, in the form of a simple, user-friendly, subscription-based cloud service. We’re making the management of encryption key lifecycles accessible and automated, while remaining fully auditable and, importantly, keeping those BYOK keys under the user's control.”

With Cryptomathic’s AWS BYOK Service, cloud customers can add cryptographic key material to the AWS key hierarchy, thereby enhancing the security model with additional entropy from their preferred source. AWS combines this key material with their own, making for a truly unique set of keys used to protect the encryption keys in question. In other words, as long as a business always remains in possession of its keys, and those keys are kept secure—such as within a hardware security module (HSM) - the enterprise can be confident that they are truly in control of their encrypted data.

The Cryptomathic AWS BYOK Service provides the following benefits:

  • Additional peace of mind: AWS encrypts users’ cloud data using AES-256, the industry’s leading standard. They retain users’ BYOK keys within the confines of an HSM, and therefore their personnel cannot decrypt or read data at rest. In other words: To decrypt, the data must use that same key hierarchy.
  • A comprehensive security solution: With Cryptomathic’s AWS BYOK Service, most types of data at rest can afford an added level of security management.
  • No additional overhead: Since AWS already encrypts users’ data at rest, the BYOK option provides enterprises with an additional element of control, and with only a few restrictions (subject to the individual BYOK-enabled services).
  • GDPR Compliance for the Cloud: BYOK can help address security and privacy concerns about GDPR and Schrems II.

The Cryptomathic AWS BYOK Service is now live and accessible to companies globally, today. Details of subscription packages can be found here.

Other Related Articles: # Key Management in the Cloud # AWS BYOK

Want to know how we can help ?

Get in touch to better understand how our solutions secure ecommerce and billions of transactions worldwide.