SafeNet KeySecure is an
Enterprise Key Management (EKM) solution
that enables a single, centralized platform for managing cryptographic keys and applications. As the use of encryption proliferates throughout the corporation, security teams must scale their management of encryption keys, including key generation, key import and export, key rotation, and much more. With KeySecure, administrators can simultaneously manage multiple, disparate encryption appliances and associated keys through a single, centralized key management platform.
Heterogeneous Key Lifecycle Management
With KeySecure can centrally manage and record key attributes, state changes and key provisioning for disparate encryption solutions.
Granular Policy Administration
KeySecure enables granular authorization controls based on user key permissions. Existing
access controls can be automatically retrieved from
LDAP/Active Directory services and further defined within the KeySecure Administration
console to provide an additional layer of access management.
Centralized Monitoring and Auditing for Compliance Mandates
KeySecure has built-in auditing, logging, and alerting for
facilitating compliance mandates. All keys are securely managed, key ownership is clearly
defined, and key lifecycle management and modifications are recorded and securely stored
providing a non-repudiative audit trail of key state changes.
View Specification
Resource Library
Security
•
NIST FIPS 140-2 Level 3 for SafeNet LUNA®
PCI-e Cryptographic Module embedded
encryption card (validation in process)
Cryptography:
•
AES, 3DES, DES, RSA (signatures and
encryption), RC4, HMAC SHA-I – SHA512,
SEED encryption
•
Asymmetric key sizes
•
1024, 2048, 3072, 4096
•
Symmetric key sizes
•
128, 192, 256
Key Management Protocol
OASIS KMIP (Key Management Interoperability
Protocol) 1.0 Specification compliant
•
NIST 800-57 Key Lifecycle support
•
Symmetric Key, Asymmetric Key, Opaque,
Secret Data, Template
•
Operations: Create, CreateKeyPair, Register,
Get, GetAttribute, GetAttributeList, Locate,
Query, Add/Delete/Modify Attributes
Role-based Management Control
•
Multiple restricted roles can be defined for
each administrator
•
Automated, self-contained key management
•
Multi-credential administrative authorization
for sensitive security operations
Key Availability and Capacity
•
Secure key replication to multiple appliances
•
Intelligent key sharing via key sharing groups
High Availability and Redundancy
•
Active-Active mode of clustering
•
Multiple geographies
•
Hierarchical clustering
Supported Technologies
API support
•
iCAPI, KMIP, PKCS #11, JCE,MSCAPI, and .NET
Network management
•
SNMP (v1, v2, and v3), NTP, URL health check,
signed secure logs & syslog, automatic log
rotation, secured encrypted and integritychecked
backups and upgrades, extensive
statistics
System administration
•
Secure Web
Supported Directory Services
•
LDAP and Active Directory services
Deployment Options
KeySecure k460
•
Up to 1 million symmetric & asymmetric keys
stored per cluster
•
Up to 1,000 concurrent clients
Supported Appliances
•
Hardware Security Modules
(HSM)
•
SafeNet LUNA SA
•
NAS, SAN & DAS Storage appliances
•
SafeNet's storage encryption solution, StorageSecure
•
NetApp NSE, DataFort and LKM
•
SAN Switches
•
Brocade Encryption Switch (BES)
•
Tape Libraries
•
Quantum Tape Libraries
•
Cloud Encryption/Virtual Instances
•
SafeNet ProtectV
•
KMIP-compliant servers and clients
KeySecure k150
•
Up to 25,000 symmetric & asymmetric keys
stored per cluster
•
Up to 100 concurrent clients
Supported Appliances
•
Tape Libraries
•
Quantum Tape Libraries
•
Cloud Encryption/Virtual Instances
•
SafeNet ProtectV
•
KMIP-compliant servers and clients
View Feature & Benefits
Resource Library
Centralized Key Administration.
A single, centralized key management console
to manage encryption keys and their lifecycle for disparate encryption solutions
. Consolidating key management allows administrators to monitor all encryption key
activities for tape and disk-based storage platforms, SAN switches, databases, applications,
and more.
KMIP Compliant.
Enables the management of c
ryptographic modules and storage devices from different vendors
within a single centralized key lifecycle management system.
Hardened, self-contained, tamper-proof key management appliance.
There are no servers to set up or software to install and maintain, reducing your operating costs, and freeing security and IT personnel. As your environment grows and evolves, KeySecure appliances can be easily added as needed. Keys are automatically replicated among nodes of the cluster.
Safeguards keys
against theft, tampering, and unexpected system failures. KeySecure centralizes all key
management activities, including key signing, role-based administration, quorum control, and
the backup and distribution of encryption keys across the enterprise.
For sensitive security
operations, KeySecure allows you to stipulate multiple credential authorization from more
than one administrator.
Resiliency and Availability.
KeySecure clustering enables multiple KeySecure appliances to
share configuration settings in an active-active mode. Configuration changes are replicated
instantly to all the members within the same cluster.
Cloud Ready.
KeySecure and the associated data is only
accessible to authorized administrators and users. KeySecure is highly scalable for large
implementations across cloud zones and cloud providers. Cloud administrators are able to
manage and maintain servers without accessing the data or risking data security.
View How to Buy
Resource Library