With Cryptomathic's AWS BYOK Service, we provide organizations with a secure service with HSMs (hardware security modules) that are under the sole logical control of Cryptomathic, dedicated only to BYOK for AWS applications.
Our AWS BYOK Service allows you to generate, push and manage your own keys within 10 minutes:
The service also gives you a 365-degree view of all your keys, including key-lifecycle information and user activity.
AWS happily takes care of generating and managing all encryption keys for you when you use AWS services. However, many AWS clients are uncomfortable with leaving all keys in the hands of their hyperscaler, thus AWS introduced the notion of BYOK: Bring Your Own Key.
The process is simple enough: Generate your own (symmetric) key and encrypt it using AWS’ public key. Then upload it to AWS KMS, set the permissions and you're done.
Let us take care of it for you – click here to start a free trial!
Our AWS BYOK Service frees you from the hassle of having to procure, setup, manage, patch and maintain your own key-generation and management infrastructure, which is resource-intensive and requires specialist know-how.
The system also enables you to securely export keys for backing up to third party key management systems.
For security and control purposes, Cryptomathic provides hosted HSMs which are under our full logical control. They are operated out of Northern Europe, firmly within the EU in a SOC 2 data center.
Many organizations want to improve on their compliance profile with regards to privacy and security frameworks where encryption and a degree of self-control are required. Examples include GDPR, HIPAA, PCI-DSS and other.
With the Cryptomathic BYOK as a Service solution you will be able to demonstrate compliance by downloading reports on the system and by documenting which keys where generated, when they were pushed and when any changes happened.