Description
Enterprise Secure Key Manager (ESKM) provides a centralized, hardware-based key management solution
for unifying and automating an organization’s encryption key controls by creating, protecting, serving,
and auditing access to encryption keys for secure, reliable administration.
ESKM supports the OASIS Key Management Interoperability Protocol (KMIP) versions 1.0 through 2.0, enabling
the broadest range of data protection applications and partner solutions. A client Software Development Kit
(SDK) is also available to partners and customers to enable native protocol ESKM integrations.
ESKM is designed as a turnkey solution: an independent lab-validated secure server appliance. Standard
capabilities include high-availability clustering and failover, secure key database, key generation and retrieval
services, identity and access management for administrators and encryption devices, secure backup and
recovery, local Certificate Authority, and signed audit logging for compliance attestation.
Unified, secure, scalable encryption key management services
– Automate and enforce organizational data protection and compliance policies
– Secure encryption key generation, creation, protection, serving, and auditing for enrolled clients
– Supports multiple key algorithms, use cases, and encryption client devices
– Capacity for >2 million keys, >25,000 clients, and 8 ESKM nodes per distributed cluster
Strong auditable security
– Security-hardened Linux-based server appliance; all software is digitally signed
– All keys and backups are encrypted both at rest and in motion
– Granular control of key management access to key owners and across administrator-defined key-sharing groups
– Certificate-based mutual client-server authentication, secure administration, and audit logging
– ESKM v5.x is designed to FIPS 140-2 Level 2
– Locking front bezel, dual pick-resistant locks for security officer dual control
Reliable continuous access to business-critical encryption keys
– Supports mirrored internal storage, dual networks, dual power, and redundant cooling
– Native multi-site high-availability clustering, encryption keys replicated securely and transparently to all nodes
– Comprehensive monitoring, recovery, scheduled backup, and restore functionality
Management
– Web browser GUI and Command Line Interface supported
– TLS and SSH for secure administrator remote access
– Terminal interface (serial RS-232C) for initial installation setup
Cryptography and security
– Supports (among others): AES, 3-Key Triple DES, HMAC, RSA, and ECDSA key types
– Designed for NIST SP 800-131A and FIPS 140-2 Level 2 requirements
– Conforms with KMIP 1.0 through 2.0 specifications