Key storage for S3, EC2 and more
Amazon Web Services (AWS) offers a powerful platform to IT teams embracing the possibilities of elastic scale. KeyNexus supports an array of integrations and use cases that can help any enterprise significantly improve the security posture of Amazon Web Services workflows. As a pioneer in universal, platform-agnostic key management and storage, KeyNexus offers direct integration with numerous services and use cases across AWS. We also support custom, API-driven integrations into Amazon Web Services workloads.
KeyNexus leverages AWS’s native platform and service-level security (Identity and Access Management (IAM) and embedded encryption) to further secure the customer key management workflows we enable.
Object storage is a natural fit for embedded server-side encryption, and AWS has offered just that. More importantly, AWS now recognizes how important it is for enterprises to externally own and manage their encryption keys, and now offers a ‘Customer Provided Key’ option for this encryption service. Enterprises are now able to invoke S3 server-side encryption with customer-provided keys (SSE-CPK) via AWS APIs; however, they are still left with the daunting challenge of securely storing, managing and provisioning these keys 24×7 into these S3-consuming workflows. This is where KeyNexus comes in. KeyNexus has integrated with these same AWS APIs so that enterprises can quickly and easily benefit from S3 encryption while having complete assurance that they exclusively own and control their master encryption keys.
A common request from customers is full volume encryption within AWS EC2, on on-premises hosted volumes and within other public clouds. On AWS, KeyNexus addresses this requirement in two ways. The first is that KeyNexus customers are free to leverage our APIs to provision their keys for use by most standardized volume encryption tools or libraries.
The second option is that KeyNexus has performed a direct integration with Amazon Linux OS volume encryption and packaged this as an AMI on the AWS Marketplace. For customers interested in a volume encryption solution that is easy to set up, scale and automate, with external self-managed keys, please see our AWS listing:
Alternatively, KeyNexus can provide installable libraries for a variety of operating system types if you are interested in this approach to volume encryption but are looking to:
KeyNexus On-Demand APIs enable businesses to store and manage their keys securely on KeyNexus and then programmatically request them from within their cloud-based applications. This enables businesses to architect their own encryption, or other security, use cases for key provisioning within their AWS apps and databases. For more info, please see our KeyNexus On-Demand APIs page.
Absolutely. In fact, Amazon has two distinct key management/storage solutions, either of which may meet your needs. However, the architectural and business parameters of these two services vary considerably from the KeyNexus approach. Let KeyNexus help you assess the right approach for your unique security, environment, and regulatory needs.
Important differentiators between KeyNexus and both AWS Key Management Service (KMS) and AWS CloudHSM include:
KeyNexus for Amazon Web Services empowers cloud users of all sizes to easily and affordably experience the highest levels of data encryption while still maintaining ownership, control and auditability of keys. Get all the security and benefits of enterprise encryption appliances without the cost or hassle. KeyNexus continues to integrate popular AWS services, so we’d love to hear from you on your interests and priorities.