Ensure Data Privacy and Sovereignty: Support regulatory and data sovereignty requirements by encrypting cloud-hosted data and storing the private keys used to access that data within your own private data center or private cloud. You, and you alone, choose who can access encrypted information.
Strengthen Compliance: Hosting your own keys can support data protection and residency requirements for even the strictest compliance regulations, including CJIS, GDPR, HIPAA, PCI, ITAR, CMMC 2.0, and more.
Surveillance Protection: Strengthen privacy by ensuring any request to access data (including a government subpoena) has to come to your organization — not through your cloud provider or any other third party.
Mature Your Zero Trust Posture: You don’t trust the bank with the key to your safety deposit box, so why trust your cloud provider, or any other third party, to host your encryption keys? With Virtru Private Keystore, you’re never forced to trust Microsoft, Google, or Virtru with access to your unencrypted data.
Centralized Audit: Maintain visibility over all encryption key exchanges and policies, all in one place. Integrate with your SIEM for insights that strengthen threat response and compliance workflows.
Deploy Quickly: Virtru Private Keystore deploys rapidly with Docker containers to align with your existing IT and key management infrastructure. As a result, you can achieve enterprise-scale implementations with low overhead.
Protect your content in Docs, Sheets, Slides, and Meet by independently encrypting your Google-hosted data with Virtru Private Keystore for Google Workspace CSE. Ensure privacy and data sovereignty by taking full control of your encryption keys. Virtru is a Google recommended partner for Client Side Encryption (CSE).
The Virtru Private Keystore supports Google Cloud Platform (GCP) External Key Manager (EKM) to store the encryption keys for your your data within all major GCP services. You can choose to store your private keys in any secure location, including your own private data center or cloud, whereby controlling the location and distribution of keys with the ability to deny access to them at any time.
“We want to make sure no other parties can access our email content. So, by having the keys managed on premises, we believe it adds an additional level of security and control.”
-Alfonso Razzi, CIO, Toto Holding Group
The Virtru Private Keystore uses asymmetric encryption on top of Virtru’s native end-to-end encryption, while aligning with your existing infrastructure for enterprise-scale implementations.
When you encrypt an email, a message key is generated, which is then encrypted with a public key. The Virtru Access Control Manager facilitates and authenticates key exchanges, but cannot access your data at any time. The Virtru Private Keystore then hosts a private key that is needed to decrypt the public key and unwrap the message key. This private key never leaves your environment, so you maintain full control to ensure your organization meets its desired data protection and compliance standards.
You can host your private key on-prem, in your private cloud, or on any public cloud service — whatever works best for your organization. Once the Virtru Private Keystore is deployed, it runs in the background, so your team's work won't be impacted. icon-ok
Organizations increasingly want full control of their data, including the encryption keys guarding that data. But most cloud-managed, bring your own key (BYOK) approaches cannot deliver on true Zero Trust, as they require you to trust a third-party vendor with access to your keys as well as plain-text content.
Virtru gives you the best of both worlds, serving as a trusted key management partner for executing access control, while giving you true sovereignty over your keys and your content.