Virtru Private Keystore
Take Complete Ownership of Your Encrypted Data
Host your private encryption keys anywhere and collaborate with total confidence that your data remains under your control.
Collaborate in the Cloud Without Sacrificing Privacy
Enjoy the benefits of cloud collaboration platforms like Google Workspace and Microsoft 365 — without having to hand over your data. Virtru Private Keystore gives you complete, persistent, and flexible control of who can access your sensitive information — shielding your data from Google, Microsoft, and even Virtru.
- Low-cost cloud data control
- Ensures and safeguards data sovereignty
- Helps you meet regulatory obligations like ITAR, CMMC 2.0, CJIS, and more
- Supports Google Gmail S/MIME and Google Workspace CSE
Flexible Hosting Options
Choose where to store your private keys while Virtru handles the complexity of policies and double-key exchanges for you.
Virtru Private Keystore supports:
- Public or Private Cloud
- Private or co-hosted data centers
- Hardware security module (HSM)
“We want to make sure no other parties can access our email content. So, by having the keys managed on premises, we believe it adds an additional level of security and control.”
Alfonso Razzi
CIO, Toto Holding GroupJob Title
Why Host Your Own Encryption Keys?
Better Together: Virtru Private Keystore for Google Workspace
Make data sovereignty simple with a longtime, trusted Google partner. The Virtru Private Keystore supports Google Workspace CSE and Gmail S/MIME, allowing you to improve your security posture by hosting your own private keys away from Google's reach.
Virtru Private Keystore for Your Everyday Workflows
Safeguard sensitive data stored and shared in business applications your organization uses every day — from Microsoft 365 to SaaS apps and beyond.
Virtru Private Keystore for Microsoft Outlook
Host your own keys to protect your Outlook messages and attachments. Take Outlook security a step further by keeping data private in Microsoft 365.
Learn More
Virtru Private Keystore for Secure Share
From tax forms to mortgage applications and student records, our customers manage a wealth of sensitive data with Virtru Secure Share. Manage your own keys for an added layer of control and ownership.
Learn More
Virtru Private Keystore for Data Protection Gateway
Protect data that flows through automated server-side encryption and decryption workflows via the Virtru Data Protection Gateway. This secure, automated encryption runs behind the scenes, with no impact on the user experience.
Learn MoreFlexible, Layered Encryption Key Options
Virtru offers several key management solutions and approaches to ensure you maintain control, confidentiality, and compliance wherever your data goes – including the ability to host your own keys to meet data sovereignty and residency needs.
/webpage%20-%20enterprise%20key%20management/architecture-charts_fully-hosted.webp)
Host Keys with Virtru
You can be up and running in minutes with our fully hosted key management option. The Virtru Data Security Platform provides a front-end layer that authenticates requests for keys and ensures sensitive content is only accessed by authorized parties.
A unique AES 256-bit symmetric data key is created on the client to protect each email and file, then delivered via a secure TLS-protected channel to the Virtru Data Security Platform.
/webpage%20-%20enterprise%20key%20management/architecture-charts_customer-managed-keys.webp)
Host Your Own Keys
Choose this option to have ultimate control over who can access your data to meet requirements for CJIS, ITAR, data sovereignty, and more. Prevent third parties from accessing your data with the Virtru Private Keystore, which allows you to host your own encryption keys. The Virtru Private Keystore uses asymmetric encryption on top of Virtru’s native end-to-end encryption while aligning with your existing infrastructure for enterprise scale implementations.
When you encrypt an email or file, a message key is generated, which is then encrypted with a public key. The Virtru Data Security Platform manages and authenticates key exchanges but cannot access your data at any time. Virtru then hosts a private key that is needed to decrypt the public key and unwrap the message key. This private key never leaves your environment which meets the data protection and compliance you want. You can host your private key on your premises, in your private cloud, or on any public cloud service.
/webpage%20-%20enterprise%20key%20management/architecture-charts_hsm-integration.webp)
Host Keys with your Hardware Security Module
Use your existing Hardware Security Module (HSM) infrastructure and key management processes. In this deployment option, your private encryption keys are stored in your HSM and the Virtru Private Keystore only brokers encryption and decryption requests with the Virtru Data Security Platform.
This method leverages PKCS (Public Key Cryptographic Standard) #11 and KMIP protocols, allowing integration with a variety of HSM manufacturers.
/webpage%20-%20enterprise%20key%20management/architecture-charts_google-cse.webp)
Manage Keys for Google Client-Side Encryption for Workspace and Gmail
Virtru is an authorized Google Workspace Client-side encryption (CSE) partner that prevents unauthorized or third-party (including Google) access to your data. Our encryption key management supports heightened privacy in Docs, Sheets, Slides, and the Google Drive File Stream desktop app, as well as encrypted calls (media stream) and video messages in Google Meet.
Virtru is the only Google CSE key manager that allows you to enforce access control using labels in Google Drive.
Once your browser client encrypts the content with Google Client-side encryption, those keys are then wrapped with an additional key that’s provided by Virtru. These keys and their associated access control policies are managed by Virtru to determine who can and cannot access your data. This keeps your cloud data private, even from Google, since they won’t have the keys to decrypt your data. Virtru cannot access your protected data at any time.
Flexible, Layered Encryption Key Options
You can be up and running in minutes with our fully hosted key management option. The Virtru Data Security Platform provides a front-end layer that authenticates requests for keys and ensures sensitive content is only accessed by authorized parties.
A unique AES 256-bit symmetric data key is created on the client to protect each email and file, then delivered via a secure TLS-protected channel to the Virtru Data Security Platform.
Choose this option to have ultimate control over who can access your data to meet requirements for CJIS, ITAR, data sovereignty, and more. Prevent third parties from accessing your data with the Virtru Private Keystore, which allows you to host your own encryption keys. The Virtru Private Keystore uses asymmetric encryption on top of Virtru’s native end-to-end encryption while aligning with your existing infrastructure for enterprise scale implementations.
When you encrypt an email or file, a message key is generated, which is then encrypted with a public key. The Virtru Data Security Platform manages and authenticates key exchanges but cannot access your data at any time. Virtru then hosts a private key that is needed to decrypt the public key and unwrap the message key. This private key never leaves your environment which meets the data protection and compliance you want. You can host your private key on your premises, in your private cloud, or on any public cloud service.
Use your existing Hardware Security Module (HSM) infrastructure and key management processes. In this deployment option, your private encryption keys are stored in your HSM and the Virtru Private Keystore only brokers encryption and decryption requests with the Virtru Data Security Platform.
This method leverages PKCS (Public Key Cryptographic Standard) #11 and KMIP protocols, allowing integration with a variety of HSM manufacturers.
Virtru is an authorized Google Workspace Client-side encryption (CSE) partner that prevents unauthorized or third-party (including Google) access to your data. Our encryption key management supports heightened privacy in Docs, Sheets, Slides, and the Google Drive File Stream desktop app, as well as encrypted calls (media stream) and video messages in Google Meet.
Virtru is the only Google CSE key manager that allows you to enforce access control using labels in Google Drive.
Once your browser client encrypts the content with Google Client-side encryption, those keys are then wrapped with an additional key that’s provided by Virtru. These keys and their associated access control policies are managed by Virtru to determine who can and cannot access your data. This keeps your cloud data private, even from Google, since they won’t have the keys to decrypt your data. Virtru cannot access your protected data at any time.
Ready to see what Virtru Private Keystore can do for your organization?
6,100 CUSTOMERS TRUST VIRTRU FOR DATA SECURITY AND PRIVACY PROTECTION.
