With Virtru, you get the best of both worlds: A partner in managing policies and key exchanges, while still maintaining complete ownership of your own keys and data, whether on-prem, in a private cloud, or in a public cloud.
You don’t trust the bank with the key to your safety deposit box, so why trust third-party security providers to host your encryption keys? Virtru's Customer Key Server (CKS) removes third-party trust concerns by letting you host your own encryption keys and integrate with hardware security modules (HSMs) for absolute data control.
Our CKS uses asymmetric encryption on top of Virtru’s native end-to-end encryption while aligning with your existing infrastructure for enterprise-scale implementations.
When you encrypt an email, a message key is generated, which is then encrypted with a public key. The Virtru Access Control Manager (ACM) manages and authenticates key exchanges but cannot access your data at any time. The CKS then hosts the private key that is needed to reverse that public-key encryption and unwrap the message key. This CKS private key never leaves your environment, so you maintain full control to ensure your organization meets its desired data protection and compliance standards. You can host your private key on-prem, in your private cloud, or on any public cloud service.
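The key flow described above, as an added example that is not Virtru's code or protocol: a simplified model in which the ACM stores only the wrapped message key and the policy, and only the CKS private key can unwrap it. The algorithms (AES-256-GCM, RSA-OAEP), the function names, the in-memory `acmStore`, and the sample message and addresses are assumptions; how the CKS authenticates a request and returns the key to the recipient is not described on this page and is left out.

```javascript
// Added illustration: a simplified model, not Virtru's implementation.
// Assumed algorithms: AES-256-GCM for the message, RSA-OAEP for key wrapping.
const crypto = require("node:crypto");
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

// CKS (customer environment): the private key is created and kept here.
const cksKeys = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
function cksUnwrap(wrappedKey) {
  return crypto.privateDecrypt({ key: cksKeys.privateKey, ...OAEP }, wrappedKey);
}

// ACM (hypothetical model): holds the wrapped key and the policy, never the
// message key or the private key, so it cannot read the message itself.
const acmStore = new Map();
function acmAuthorize(messageId, requester) {
  const record = acmStore.get(messageId);
  if (!record || !record.recipients.includes(requester)) return null; // policy denies
  return record.wrappedKey; // still encrypted to the CKS public key
}

// Sender: fresh message key per email, wrapped with the CKS public key.
function sendEmail(messageId, body, recipients) {
  const messageKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", messageKey, iv);
  const ciphertext = Buffer.concat([cipher.update(body, "utf8"), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt({ key: cksKeys.publicKey, ...OAEP }, messageKey);
  acmStore.set(messageId, { wrappedKey, recipients });
  return { messageId, iv, ciphertext, tag: cipher.getAuthTag() };
}

// Recipient: the ACM authorizes, the CKS unwraps, decryption happens locally.
function readEmail(email, requester) {
  const wrappedKey = acmAuthorize(email.messageId, requester);
  if (!wrappedKey) return null;
  const messageKey = cksUnwrap(wrappedKey);
  const decipher = crypto.createDecipheriv("aes-256-gcm", messageKey, email.iv);
  decipher.setAuthTag(email.tag); // GCM rejects a tampered ciphertext or wrong key
  return Buffer.concat([decipher.update(email.ciphertext), decipher.final()]).toString("utf8");
}

// Constructed sample message and addresses.
const sample = sendEmail("msg-1", "Q3 forecast attached", ["bob@example.com"]);
console.log(readEmail(sample, "bob@example.com"));
console.log(readEmail(sample, "mallory@example.com"));
```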
“We want to make sure no other parties can access our email content. So, by having the keys managed on premise, we believe it adds an additional level of security and control.”
-Alfonso Razzi, CIO, Toto Holding Group
Ensure Privacy: Host your own keys so that unauthorized parties can never access your data, ensuring it stays private and under your control.
Strengthen Compliance: Hosting your own keys can support data protection and residency requirements for CJIS, GDPR, HIPAA, PCI, ITAR, CMMC 2.0, and more.
Prevent Surveillance: Blind subpoenas can force security and cloud vendors to turn over your data to government entities — but without the encryption key, that data is indecipherable. When you're the only one with the key, only you can respond to government data requests.
Implement Zero Trust Security: Split-knowledge architecture separates keys from content. You’re never forced to trust Virtru or cloud service providers with access to your unencrypted data.
Audit Activity: Maintain visibility over all encryption key exchanges and policies. Integrate with your SIEM for insights that strengthen threat response and compliance workflows.
Deploy Quickly: Virtru CKS deploys rapidly with Docker containers to align with your existing IT and key management infrastructure. As a result, you can achieve enterprise-scale implementations with low overhead.