Skip to main content

Your Data, Your Rules: Zero Trust Encryption Key Management for Google and Microsoft

Virtru Customer Key Server Protects Your Data in the Cloud

When you’re managing data in the cloud, it’s smart to ensure you’re protecting the keys to your private, encrypted information. If you need to comply with regulations like CJIS, ITAR, or EAR, this level of security may be essential. 

Whether you’re using Google Workspace or Microsoft 365, Virtru offers multiple key management options to safeguard data everywhere it’s created, stored, and shared, preventing third parties from ever accessing unencrypted content. By implementing a distributed architecture with dual layers of protection, Virtru’s customers can ensure they maintain total control over exactly who can access their encryption keys — and prevent access by their cloud provider.

While Virtru’s customers can entrust their keys to be managed by Virtru, Virtru’s Customer Key Server (CKS) provides an additional layer of security to meet global data protection needs, data residency, and data sovereignty. This option gives Virtru customers complete control over who can access their data. Prevent any third parties from accessing your encryption keys, including security and cloud-hosting vendors, or governments who could subpoena your providers. 

Unlike cloud-managed, Bring Your Own Key (BYOK) approaches that force you to trust the vendor, Virtru can never access your private keys. BYOK arrangements are like getting a safety deposit box but then letting the bank store its key. The cloud provider or security vendor can still access the underlying plain-text content. Virtru is the first Zero Trust key distribution service in which no third party can ever access unprotected content or the keys that grant access. How Virtru's Customer Key Server Works

The Virtru CKS creates an additional key pair to protect underlying encryption keys that never leaves your environment for true “hold your own key” security. When you encrypt an email, a message key is generated, which is then encrypted with a public key. The Virtru Access Control Manager (ACM) manages and authenticates key exchanges but cannot access your data at any time. The CKS then hosts a private key that is needed to decrypt the public key and unwrap the message key. This CKS private key never leaves your environment. You can host the key on-premise, in a private cloud, or on any public cloud service and maintain visibility over all encryption key exchanges and policies. 

You should consider the Virtru CKS if you’re looking to:

  • Host your own keys so that unauthorized parties can never access your data, ensuring it always stays in your control.
  • Encrypt files and emails stored or shared via Google or Microsoft 365.
  • Meet data sovereignty and residency requirements by specifying the locations where your encryption keys are stored. 
  • Support compliance with CJIS, GDPR, HIPAA, PCI, CCPA, ITAR, and more.
  • Guarantee you are the only entity that can grant data access in response to government requests and subpoenas.
  •  Destroy encryption keys to make emails permanently unreadable.

To learn more about how your organization can leverage the Zero Trust Customer Key Server, contact Virtru today to start the conversation.

Discover how seamless it can be to add a layer of data protection across your organization.

Dive Deeper