Key Management and KMIP: What You Need to Know

Encryption is a critical part of data security, but it’s only as effective as the methods used to protect and distribute the encryption keys that secure your data. As part of the digital transformation reshaping modern IT, organizations can easily delegate key management to third parties such as their cloud platform providers, but doing so effectively sacrifices privacy for convenience. Leaving key management to third parties means your information could be exposed and accessed without your knowledge or consent.

To address this, many organizations turn to hardware security modules (HSMs): hardened, on-premises physical devices that protect encryption keys and perform a variety of cryptographic operations spanning key creation, rotation, destruction, and more. However, HSMs don’t work in a vacuum—they need to interoperate with other IT and security infrastructure. Because of the complexity of the data protection and key management operations that HSMs support, organizations often find themselves forced to invest in multiple products to support their key management infrastructure, which is not only costly but also creates key management silos.

The Key Management Interoperability Protocol (KMIP) emerged to break down these silos and standardize how different components in the key management lifecycle work together. KMIP enables secure key exchanges between servers and clients to support encryption and decryption operations, without requiring direct access to the key.

Last week, we announced our support for KMIP by enabling interoperability between customers’ HSMs and our customer-hosted key management option, the Virtru Customer Key Server (CKS). 

Virtru Supports KMIP

Virtru offers multiple key management options to enable easy-to-use email and file encryption that protects data wherever it is shared and prevents third parties from ever accessing unencrypted content. Distributed architecture with dual layers of protection ensures total control over who can access the keys securing your most sensitive data.

While fully hosted keys are a viable option for many organizations, the safest way to manage encryption keys is to host them yourself, on-premises. Virtru provides a customer-hosted key management option via our CKS capability. For even better security, customers can use the Virtru CKS in conjunction with an HSM. Virtru has validated HSM integrations with Atos TrustWay HSM, and a broad range of other HSM products can be enabled via our support for PKCS (Public-Key Cryptography Standards) #11 and now, KMIP.

Whether you need to meet regulatory compliance—such as HIPAA, CCPA, or ITAR—protect intellectual property, or simply prevent third parties from accessing your content, Virtru’s key management options provide a secure, easy-to-use data protection foundation for your organization. To learn more about Virtru’s flexible key management offerings, get your free copy of The Simple Guide to Encryption Key Management.
