Key Management Options
Typical cloud platforms have a cryptographic environment that directly generates and manages secret keys, but we enable you to manage your own keys for greater control and security, providing the following benefits:

- Cryptographic key portability
- Key lifecycle management
- Disaster recovery
- Advanced auditing and reporting

You can use either Futurex Bring Your Own Key (BYOK) or Key Agent Services to provide and manage your own encryption keys that the cloud service providers use.

Bring your own key (BYOK)

BYOK enables you to encrypt data inside cloud services with your own keys, especially with public clouds such as AWS, Google Cloud Platform, and Azure. This ensures that your compliance and reporting requirements are fully addressed and that keys are generated within a FIPS 140-2 Level 3 hardware security module (HSM). Additionally, it ensures cryptographic keys are generated using a sufficient source of entropy and are protected from disclosure. In typical cloud environments, keys are cryptographically wrapped before transmission to the cloud providers.

How BYOK works

BYOK functions through the CLI or API developed by each cloud provider. These interfaces enable programmatic management of your organization's portion of the cloud platform, which fully automates the cloud infrastructure. An HSM can leverage these APIs to securely generate and distribute the customer-defined keys over a secure channel between their key management platform and the HSM. This enables a one-click transfer of the customer-defined keys with no configuration or manual work.

By using the cloud provider REST API, the HSM generates a new empty key object, requests an RSA public import key, generates new symmetric or asymmetric working keys, and wraps them with the import key. After receiving the key, the cloud provider decrypts it with the corresponding private key for secure storage.

VirtuCrypt cloud payment HSMs support BYOK through management with the Excrypt Touch, a secure remote management tablet. With the Excrypt Touch, you can configure and manage all cloud payment HSMs within your environment from anywhere in the world. Combined, this line of Futurex products and services enables a complete HSM setup to manage an entire cryptographic environment with redundancy, ease of use, and scalability for future growth.

To learn more about BYOK, see our Bring Your Own Key (BYOK) Cloud Key Management whitepaper. Also refer to the Remote Management of Payment Cloud HSMs Using the Excrypt Touch administrative guide.

Futurex Key Agent Services

The Futurex Key Agent Services provides compliant, secure key management assistance. With this service, our key agent team compliantly loads keys into FIPS 140-2 Level 3 HSMs and completes the generation, handling, and storing of key components. However, you retain ownership of the keys for the entire key lifespan. When you need access to the keys, we securely generate and print key components in tamper-evident envelopes before mailing them to you. This convenient option ensures that you have access to keys at any point in time, without the responsibility, effort, and liability of generating and loading them into the HSM.
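
The wrap-and-import exchange described under "How BYOK works", simulated with both sides in one process. This is an added example, not Futurex or cloud-provider code: the provider type, the function names, the 2048-bit demo key size and the choice of RSA-OAEP with SHA-256 as the wrapping scheme are assumptions, since the page only states that an RSA public import key is used.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// provider (hypothetical) models the cloud side: a private import key and an empty key object.
type provider struct {
	importKey *rsa.PrivateKey
	keyObject []byte
}

func newProvider() (*provider, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048) // demo size, an assumption
	return &provider{importKey: k}, err
}

// importWrapped unwraps with the private import key; the key object is set only on success.
func (p *provider) importWrapped(wrapped []byte) error {
	key, err := rsa.DecryptOAEP(sha256.New(), nil, p.importKey, wrapped, nil)
	if err == nil {
		p.keyObject = key
	}
	return err
}

// wrapWorkingKey (HSM side): new 256-bit working key wrapped with RSA-OAEP/SHA-256 (assumed scheme).
func wrapWorkingKey(pub *rsa.PublicKey) (working, wrapped []byte, err error) {
	working = make([]byte, 32)
	if _, err = rand.Read(working); err != nil {
		return nil, nil, err
	}
	wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, working, nil)
	return working, wrapped, err
}

func main() {
	p, err := newProvider()
	if err != nil {
		panic(err)
	}
	_, wrapped, err := wrapWorkingKey(&p.importKey.PublicKey)
	if err == nil {
		err = p.importWrapped(wrapped)
	}
	fmt.Println("unwrap error:", err, "stored key bytes:", len(p.keyObject))
}
```

Only the wrapped blob crosses the channel; a blob altered in transit, or presented to a different import key, fails to unwrap and leaves the key object untouched.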