Public sector and regulated industries face a growing challenge: how to balance the benefits of cloud technologies with strict data sovereignty requirements?

With the geopolitical and regulatory landscape constantly shifting, organizations have to address rising complexities around data location, control, and compliance. Simultaneously, the need to guarantee the security and confidentiality of sensitive information in the cloud has become a central concern.

In this context, data encryption requires specific attention. Only authorized users should be able to access and decrypt your data, which requires retaining ownership and control of your encryption keys.

Want to ensure you keep control over your data when stored in the cloud?

Our key management solution, External Key Storage for AWS (XKS) by Eviden, allows AWS customers to elevate their sovereignty and fortify the security of their sensitive data by retaining control of their encryption keys in our Trustway Proteccio™ Hardware Security Module (HSM). Trustway Proteccio™ is the only HSM with the French national cybersecurity agency's "reinforced qualification" (ANSSI QR) and is certified Common Criteria EAL4+.

We offer an end-to-end solution enabling your organization to overcome your security challenges and protect your sensitive data.

AWS Security services competency

Eviden is recognized as an AWS Well-Architected Partner and has invested for many years in achieving AWS competencies, such as AWS level 1 Managed Security Service Provider Competency Status.

Manage keys outside AWS with exclusive control

External Key Storage for AWS enables the storage of additional keys on a hardware security module (HSM) that is operated by Eviden and securely housed in a datacenter outside the cloud, so that the entire encryption process is managed.

Sensitive data protection

To protect the data encryption keys, additional master keys are generated from the HSM to encrypt them (a process called envelope encryption). Without the additional key, the original data is inaccessible.

Data compliance

External Key Storage for AWS is a complete service for AWS cloud infrastructures and complies with the most stringent data privacy regulations (GDPR, eIDAS), raising the level of sovereignty over your data in AWS, including the ability to encrypt with key material outside of the cloud provider.

Ease of management and deployment

With External Key Storage for AWS, Eviden simplifies key management by handling all the setup, management, and maintenance, from software and hardware to networking, while reducing costs.

Key numbers

  • 2013: Beginning of our partnership
  • 2022: EMEA GSI AWS partner of the year

How does it work?

In AWS, data is encrypted during transit at multiple levels, and AWS customers retain control over data encryption at rest. While data in AWS is encrypted with advanced algorithms, AWS Key Management Service (KMS) typically handles the encryption keys. For those seeking greater control over key management, we offer a trusted external hardware security module made in the EU.

  • Provides encryption services for an end-to-end service, including deployment, operation and management by Eviden, with all support tiers and 24/7 operations.
  • Protects sensitive and critical data by maintaining control of your encryption keys with additional keys generated from the HSM to encrypt them.
  • Enables secure communication with the HSM by forwarding API calls through AWS KMS, and the key material never leaves the HSM.
  • Integrates with most AWS services (Amazon EBS, AWS Lambda, Amazon S3, Amazon DynamoDB, and over 100 more services).
  • Includes xKMgr, a component to manage the HSM key lifecycle through a REST API for easy DevOps integration.

For more details, refer to our Customer journey documentation.

[Figure: External Key Storage (XKS) for AWS schema]
Source: Eviden cybersecurity team

Certifications

The tamper-proof design of Trustway Proteccio netHSM has been certified with:

Common Criteria EAL4+ certification
  • The cryptographic module
  • The communication module

ANSSI QR (Enhanced Qualification)
  • Highest level of qualification
  • The only HSM with Enhanced Qualification

European agreements

100% European cryptography

CC EAL4+
NATO SECRET
ANSSI QR
eIDAS
SOG-IS

Other encryption offerings

Offer

Trustway Proteccio NetHSM

Secure your most sensitive data with Trustway Proteccio™ NetHSM, the only HSM with the French national cybersecurity agency's "reinforced qualification".

Offer

Trustway Proteccio OEM

Trustway Proteccio™ OEM provides editors and integrators with an open and secure hardware platform for designing certified and scalable cryptographic appliances.

Offer

Trustway Crypt2pay

Trustway Crypt2pay is a high-performance encryption device designed to secure transactions involving bank or private cards.

Offer

Trustway DataProtect

Trustway DataProtect is a centralized key management platform enhanced with data access control and monitoring features, based on our HSM Trustway Proteccio™ hardware.

Offer

Trustway IP Protect

With Trustway IP Protect, secure your network communication across IP networks between geographically separated devices to protect data in transit.

Offer

Digital Sovereignty

Keeping control over data is critical, and you need better, more relevant measures and controls for your specific digital sovereignty needs.

Related resources

Brochure

External Key Storage for AWS

Protect your sensitive and critical data by choosing the right level of sovereignty.

Blog

AWS Partner Network (APN)

Migrate sensitive digital assets to AWS with Eviden data sovereignty solutions.

Customer journey

XKS customer journey

Discover how the solution is managed from end-to-end for AWS customers.
