Cryptomathic launches cloud-based ‘Bring Your Own Key’ key management service


Share this content


Cryptomathic, an encryption key management specialist, has launched the Cryptomathic AWS BYOK Service, a cloud-based service that enables security-conscious users of Amazon Web Services globally to harness enterprise-class Bring Your Own Key (BYOK) encryption key management capabilities on demand.

BYOK encryption management offers enterprises the opportunity to forego influence a cloud provider’s default generated encryption keys, by adding their own, thereby increasing security and control while simultaneously simplifying compliance audits. In response to the growing demand for BYOK among organisations which lack the technical resources to take advantage of BYOK encryption in AWS public cloud, Cryptomathic has created a truly self-service SaaS solution, backed by HSMs (hardware security modules).

Matt Landrock, CEO, Cryptomathic Inc. commented: “All companies should have the opportunity to access best-in-class cloud security. Yet, until now, advanced encryption key management approaches like Bring Your Own Key have only been available to organisations that have the technical knowledge and resources needed to maintain hosting and managing their own HSMs.

The Cryptomathic AWS BYOK Service brings enterprise-class encryption key management to companies of all shapes and sizes, in the form of a simple, user-friendly, subscription-based cloud service. We’re making the management of encryption key lifecycles accessible and automated, while remaining fully auditable and, importantly, keeping those BYOK keys under the control of the user.”

With Cryptomathic’s AWS BYOK Service, cloud customers can add cryptographic key material to the AWS key hierarchy, thereby enhancing the security model with additional entropy from their preferred source. AWS combines this key material with their own, making for a truly unique set of keys used to protect the encryption keys in question. In other words, as long as a business always remains in possession of its keys and those keys are kept secure—such as within a hardware security module (HSM)—the enterprise can be confident that they are truly in control of their encrypted data.

The Cryptomathic AWS BYOK Service provides the following benefits:

  • Additional peace of mind: AWS encrypts users’ cloud data using AES-256, the industry’s leading standard. They retain users’ BYOK keys within the confines of an HSM and therefore their personnel cannot decrypt or read data at rest. In other words: To decrypt, the data must use that same key hierarchy.
  • A comprehensive security solution: With Cryptomathic’s AWS BYOK Service, most types of data at rest can afford an added level of security management.
  • No additional overhead: Since AWS already encrypts users’ data at rest, the BYOK option provides enterprises with an additional element of control and with only a few restrictions (subject to the individual BYOK enabled services).
  • GDPR Compliance for the Cloud: BYOK can help address security concerns about GDPR and Schrems II compliance.

The Cryptomathic AWS BYOK Service is now live and accessible to companies globally, today. Details of subscription packages can be found here.

Receive the latest breaking news straight to your inbox