Key Management System (KMS) FOR AWS XKS

AWS KMS has a feature called AWS External Key Store (XKS) that allows secure communication with external encryption keys. This means that you hold your own key (HYOK).

Using this solution, it’s possible to encrypt data with private external keys for many AWS services including Amazon EBS, AWS Lambda, Amazon S3, Amazon DynamoDB, and over 100 other services. It is possible to do this without requiring any modifications to the current configuration parameters or code used for these services.

graphics of how AWS XKS works
graphics of how AWS XKS works
Complior currently offers a Key management ( KMS) as a service based on Thales CipherTrust manager, protected by Thales HSM. This service is provided to our customers through secure data centers in Stockholm, Sweden.

Obtain digital sovereignty and meet compliance requirements

  • Using CipherTrust manager and Cloud Key Manager (CCKM).
  • Hold keys outside of AWS to align with the shared responsibility model.
  • Choose between industry-leading CipherTrust Manager or Thales HSM as a key source.
CipherTrust Cloud Key Manager (CCKM), which is a licensed component of the CipherTrust Manager, provides key generation, separation of duties, reporting, and key lifecycle management to assist in fulfilling internal and industry data protection mandates. It is FIPS 140-2 Level 3 certified.
This solution enables organizations to:
  • Manage Native, BYOK, HYOK keys across clouds from a single console, maximizing choice.
  • Demonstrate compliance with privacy regulations such as GDPR, Shrems II, PCI-DSS, CCPA.
  • Improve operational sovereignty to protect against internal and external threats.
  • Centralize control of keys outside of cloud providers to reduce the threat surface.
  • Simplify key management to increase efficiency and reduce costs.
  • Speed up migration to the cloud for faster time to value.

Learn more

GET STARTED TODAY

Contact us

Copyright 2024 Complior AB. All rights reserved.