Host Your Own Keys and Keep Control of Your Data

Virtru’s approach to key management ensures privacy and control wherever your data goes.

Encryption Key Management, Tailored for Enterprise Privacy

You shouldn’t have to trust third-party vendors to protect and control the keys guarding your critical data, yet that’s what cloud-managed, bring your own key (BYOK) approaches force you to do. You don’t trust the bank with the key to your safety deposit box, so why let security vendors host and manage the encryption keys securing your data?

Virtru’s approach to key management removes third-party trust concerns. We use a distributed architecture and unique symmetric keys for every email and file, offering heightened security at scale. Virtru Customer Key Server (CKS) adds a layer of protection that lets you directly host encryption keys and integrate with hardware security modules (HSMs) for the highest levels of confidentiality and control.

Trusted Key Management for Maximum Privacy

Virtru doesn’t require trusting third parties with access to the keys securing your data. By hosting the keys yourself, you can protect data across cloud environments without added risk and uncertainty.

True Privacy

Other BYOK solutions force you to trust the vendor with your keys, but Virtru never requires third-party trust and prevents blind government subpoenas.

Complete Control

Distributed architecture with dual layers of protection ensures total control over who can access the keys securing your most sensitive data.

Adaptability and Scale

We leverage Docker containers and your existing key management infrastructure to support enterprise-scale deployments with low maintenance.

Flexible, Layered Encryption Key Options

Choose among encryption key management options based on your enterprise requirements and aligned with your existing key management processes.

Fully Hosted Keys

Your enterprise can be up and running in minutes with our fully-hosted key management option. Virtru Access Control Manager (ACM) provides a front-end layer that authenticates requests for keys and ensures sensitive content is only accessed by authorized parties. Virtru ACM is hosted in AWS to ensure maximum performance and availability.

A unique AES 256-bit symmetric data key is created on the client to protect each email and file, then delivered via a secure TLS-protected channel to Virtru ACM. The Amazon Key Management Service (KMS) protects the symmetric data keys with an additional layer of symmetric encryption that is protected by a set of AWS managed HSMs.

Customer Keys

Choose this option to have ultimate control over who can access your data. Prevent any third parties from accessing your data keys, including security and cloud-hosting vendors, or governments who can blind subpoena your providers. Unlike cloud-managed Bring Your Own Key (BYOK) approaches that force you to trust the vendor, Virtru can never access your private keys.

This approach utilizes Virtru Customer Key Server (CKS) and RSA encryption keys hosted in your environment. Your RSA keys are used to encrypt every data key at the client, so that the data key is never transmitted or stored in the clear. Virtru CKS is hosted on-premises or in your private cloud, and uses Docker containers for rapid deployments. Virtru CKS works with ACM to receive and fulfill key requests for authorized users.
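The key-wrapping pattern described above, as an added example that is not Virtru's code or wire format: a per-object AES-256 data key is wrapped on the client with the customer's RSA public key, so only the holder of the private key can recover it. RSA-OAEP with SHA-256, AES-GCM, the 2048-bit modulus and all function names are assumptions made for illustration.

```javascript
// Added illustration, not Virtru code. Algorithm modes and names are assumptions.
const nodeCrypto = require("crypto");
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

// Customer environment: the private half stays with the customer-hosted key server.
function newCustomerKeyPair() {
  return nodeCrypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
}

// Client: fresh AES-256 data key per object, wrapped before anything leaves the client.
function protectObject(plaintext, customerPublicKey) {
  const dataKey = nodeCrypto.randomBytes(32);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", dataKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const payload = { iv, ciphertext, tag: cipher.getAuthTag() };
  const wrappedKey = nodeCrypto.publicEncrypt({ key: customerPublicKey, ...OAEP }, dataKey);
  dataKey.fill(0); // the clear data key is not kept once it has been wrapped
  return { payload, wrappedKey };
}

// Key server: the only place the wrapped data key can be opened.
function unwrapDataKey(wrappedKey, customerPrivateKey) {
  return nodeCrypto.privateDecrypt({ key: customerPrivateKey, ...OAEP }, wrappedKey);
}

// Authorized recipient: decrypts and authenticates the object with the released data key.
function openObject(payload, dataKey) {
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", dataKey, payload.iv);
  decipher.setAuthTag(payload.tag);
  return Buffer.concat([decipher.update(payload.ciphertext), decipher.final()]);
}

// Round trip on a constructed sample message, plus a check that a key pair
// other than the customer's cannot unwrap the data key.
function demo() {
  const customer = newCustomerKeyPair();
  const otherParty = newCustomerKeyPair();
  const sample = Buffer.from("constructed sample message");
  const { payload, wrappedKey } = protectObject(sample, customer.publicKey);
  const dataKey = unwrapDataKey(wrappedKey, customer.privateKey);
  const recovered = openObject(payload, dataKey).toString();
  let foreignKeyFails = false;
  try { unwrapDataKey(wrappedKey, otherParty.privateKey); } catch { foreignKeyFails = true; }
  return { recovered, wrappedKeyBytes: wrappedKey.length, foreignKeyFails };
}
```

Any service that stores or relays only `wrappedKey` and `payload` holds nothing it can decrypt on its own, which is the property the Customer Keys option relies on.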

HSM Keys

Utilize your existing HSM infrastructure and existing key management processes. In this deployment option, your RSA encryption keys are stored in your HSM, and Virtru Customer Key Server (CKS) is only used to facilitate communication between your HSM and Virtru ACM.

Leveraging the PKCS #11 and KMIP protocols, CKS processes encryption and decryption requests on the Virtru platform by securely accessing HSM-managed private keys. Virtru ACM continues to support authorization workflows on the front-end.

“…the most important aspect of encryption is good key management, including customer control of the keys.”

Staying Secured in the Cloud is a Shared Responsibility. Steve Riley, April 2016

More Than 5,000 Customers Protect Data in the Cloud with Virtru

