<img src="https://ad.doubleclick.net/ddm/activity/src=11631230;type=pagevw0;cat=pw_allpg;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=${GDPR};gdpr_consent=${GDPR_CONSENT_755};ord=1;num=1?" width="1" height="1" alt="">

Virtru Customer Key Server

You host the encryption keys. Virtru manages the policies and key exchanges. Together, we can strengthen security for your organization's data and ensure you maintain complete control of that data at all times. 


Manage Your Own Encryption Keys

Virtru’s Customer Key Server gives you ultimate control over who can access your data, helping you meet a variety of regulatory compliance requirements such as CJIS, ITAR, CMMC 2.0, and several others — as well as support data sovereignty obligations.

With Virtru, you get the best of both worlds: A partner in managing policies and key exchanges, while still maintaining complete ownership of your own keys and data, whether on-prem, in a private cloud, or in a public cloud.

Prevent Third-Party Access

You don’t trust the bank with the key to your safety deposit box, so why trust third-party security providers to host your encryption keys? Virtru's Customer Key Server (CKS) removes third-party trust concerns by letting you host your own encryption keys and integrate with hardware security modules (HSMs) for absolute data control.

More than 7,000 customers trust Virtru for data security and privacy protection.


How Virtru's Customer Key Server Works

Our CKS uses asymmetric encryption on top of Virtru’s native end-to-end encryption while aligning with your existing infrastructure for enterprise scale implementations.

When you encrypt an email, a message key is generated, which is then encrypted with a public key. The Virtru Access Control Manager (ACM) manages and authenticates key exchanges but cannot access your data at any time. The CKS then hosts a private key that is needed to decrypt the public key and unwrap the message key. This CKS private key never leaves your environment, so you maintain full control to ensure your organization meets its desired data protection and compliance standards. You can host your private key on-prem, in your private cloud, or on any public cloud service.


“We want to make sure no other parties can access our email content. So, by having the keys managed on premise, we believe it adds an additional level of security and control.”

-Alfonso Razzi, CIO, Toto Holding Group

The Benefits of Hosting Your Own Keys

Ensure Privacy: Host your own keys so that unauthorized parties can never access your data, ensuring it stays private and under your control.

Strengthen Compliance: Hosting your own keys can support data protection and residency requirements for CJIS, GDPR, HIPAA, PCI, ITAR, CMMC 2.0, and more

Prevent Surveillance: Blind subpoenas can force security and cloud vendors to turn over your data to government entities — but without the encryption key, that data is indecipherable. When you're the only one with the key, only you can respond to government data requests.

Implement Zero Trust Security: Split-knowledge architecture separates keys from content. You’re never forced to trust Virtru or cloud service providers with access to your unencrypted data.

Audit Activity: Maintain visibility over all encryption key exchanges and policies. Integrate with your SIEM for insights that strengthen threat response and compliance workflows.

Deploy Quickly: Virtru CKS deploys rapidly with Docker containers to align with your existing IT and key management infrastructure. As a result, you can achieve enterprise-scale implementations with low overhead.

Zero Trust. Total Data Control.

Organizations increasingly want full control of their data, including the encryption keys guarding that data. But most cloud-managed, bring your own key (BYOK) approaches cannot deliver on true Zero Trust, as they require you to trust a third-party vendor with access to your keys as well as plain-text content.

Virtru gives you the best of both worlds, serving as a key management partner for access control, while giving you true control over the keys and the content. 

Take Control of Your Data Today

Take the next step toward Zero Trust data control. Book a demo with our team to see how simple it can be to get started.