KeySecure

  KeySecure


OVERVIEW

SafeNet KeySecure is an  Enterprise Key Management (EKM) solution that enables a single, centralized platform for managing cryptographic keys, certificates and applications. As the use of encryption proliferates throughout the corporation, security teams must scale their management of encryption keys, including key generation, key import and export, key rotation, and much more. With KeySecure, administrators can simultaneously manage multiple, disparate encryption appliances and associated encyrption keys, passwords and certificates through a single, centralized key management platform. 

 

Heterogeneous Key Lifecycle Management 

With KeySecure can centrally manage and record key attributes, state changes and key provisioning for disparate encryption solutions.

 

Granular Policy Administration  

KeySecure enables granular authorization controls based on user key permissions. Existing access controls can be automatically retrieved from  LDAP/Active Directory services and further defined within the KeySecure Administration console to provide an additional layer of access management.

 

Centralized Monitoring and Auditing for Compliance Mandates 

KeySecure has built-in auditing, logging, and alerting for facilitating compliance mandates. All keys are securely managed, key ownership is clearly defined, and key lifecycle management and modifications are record

 

SPECIFICATION

 

Security

  • NIST FIPS 140-2 Level 3 for SafeNet LUNA® PCI-e Cryptographic Module embedded encryption card (validation in process)

Cryptography:

  • AES, 3DES, DES, RSA (signatures and encryption), RC4, HMAC SHA-I – SHA512, SEED encryption
    • Asymmetric key sizes
      • 1024, 2048, 3072, 4096
    • Symmetric key sizes
      • 128, 192, 256

Key Management Protocol

  • OASIS KMIP (Key Management Interoperability Protocol) 1.0 Specification compliant
  • NIST 800-57 Key Lifecycle support
  • Symmetric Key, Asymmetric Key, Opaque, Secret Data, Template
  • Operations: Create, CreateKeyPair, Register, Get, GetAttribute, GetAttributeList, Locate, Query, Add/Delete/Modify Attributes

Role-based Management Control

  • Multiple restricted roles can be defined for each administrator
  • Automated, self-contained key management
  • Multi-credential administrative authorization for sensitive security operations

Key Availability and Capacity

  • Secure key replication to multiple appliances
  • Intelligent key sharing via key sharing groups

High Availability and Redundancy

  • Active-Active mode of clustering
  • Multiple geographies
  • Hierarchical clustering

Supported Technologies

API support

  • iCAPI, KMIP, PKCS #11, JCE,MSCAPI, and .NET

Network management

  • SNMP (v1, v2, and v3), NTP, URL health check, signed secure logs & syslog, automatic log rotation, secured encrypted and integritychecked backups and upgrades, extensive statistics

System administration

  • Secure Web

Supported Directory Services

  • LDAP and Active Directory services

Deployment Options

KeySecure k460

  • Up to 1 million symmetric & asymmetric keysstored per cluster
  • Up to 1,000 concurrent clients

Supported Appliances

  • Hardware Security Modules (HSM)
    • SafeNet LUNA SA
    • SafeNet LUNA PCI
  • NAS, SAN & DAS Storage appliances
    • SafeNet’s storage encryption solution, StorageSecure
    • NetApp NSE, DataFort and LKM
  • SAN Switches
    • Brocade Encryption Switch (BES)
  • Tape Libraries
    • Quantum Tape Libraries
  • Cloud Encryption/Virtual InstancesKMIP-compliant servers and clients
    • SafeNet ProtectV

 

KeySecure k150

  • Up to 25,000 symmetric & asymmetric keys stored per cluster
  • Up to 100 concurrent clients

Supported Appliances

  • Tape Libraries
    • Quantum Tape Libraries
  • Cloud Encryption/Virtual InstancesKMIP-compliant servers and clients
    • SafeNet ProtectV

 

FEATURE & BENEFITS

 

Centralized Key Administration. A single, centralized key management console to manage encryption keys and their lifecycle for disparate encryption solutions . Consolidating key management allows administrators to monitor all encryption keyactivities for tape and disk-based storage platforms, SAN switches, databases, applications, and more. 

 

KMIP Compliant. Enables the management of c ryptographic modules and storage devices from different vendors within a single centralized key lifecycle management system.  

 

Hardened, self-contained, tamper-proof  key management appliance.   There are no servers to set up or software to install and maintain, reducing your operating costs, and freeing security and IT personnel. As your environment grows and evolves, KeySecure appliances can be easily added as needed. Keys are automatically replicated among nodes of the cluster.  

 

Safeguards keys against theft, tampering, and unexpected system failures.KeySecure centralizes all key management activities, including key signing, role-based administration, quorum control, and the backup and distribution of encryption keys across the enterprise. For sensitive security operations, KeySecure allows you to stipulate multiple credential authorization from more than one administrator.    

 

Resiliency and Availability. KeySecure clustering enables multiple KeySecure appliances to share configuration settings in an active-active mode. Configuration changes are replicated instantly to all the members within the same cluster. 

 

Cloud Ready. KeySecure and the associated data is only accessible to authorized administrators and users. KeySecure is highly scalable for large implementations across cloud zones and cloud providers. Cloud administrators are able to manage and maintain servers without accessing the data or risking data security.

 

USAccess offers market leading SafeNet KeySecure Solutions for Encryption Key Lifecycle Management.  If you are interested in receiving a Quote for a SafeNet Enterprise Key Management Solution, please submit information on the Quote Request Form on the right side of this page.  One of our sales representatives will provide you with the requested KeySecure Quote.