Public sector and regulated industries face a growing challenge: how to balance the benefits of cloud technologies with strict data sovereignty requirements?
With the geopolitical and regulatory landscape constantly shifting, organizations have to address rising complexities around data location, control, and compliance. Simultaneously, the need to guarantee the security and confidentiality of sensitive information in the cloud has become a central concern.
In this context, data encryption requires specific attention. Only authorized users should be able to access and decrypt your data, which requires retaining ownership and control of your encryption keys.
Want to ensure you keep control over your data when stored in the cloud?
Our key management solution, External Key Storage for AWS (XKS) by Eviden, allows AWS customers to elevate their sovereignty and fortify the security of their sensitive data by retaining control of their encryption keys in our Trustway Proteccio™ Hardware Security Module (HSM). Trustway Proteccio™ is the only HSM with the French national cybersecurity agency's "reinforced qualification" (ANSSI QR) and is certified Common Criteria EAL4+.
We offer an end-to-end solution enabling your organization to overcome your security challenges and protect your sensitive data.
Eviden is recognized as an AWS Well-Architected Partner and has invested for many years in achieving AWS competencies, such as AWS level 1 Managed Security Service Provider Competency Status.
External Key Storage for AWS enables the storage of additional keys on a hardware security module (HSM) that is operated by Eviden and securely stored in a datacenter outside the cloud, making sure that the entire encryption process is managed.
To protect the data encryption keys, additional master keys are generated from the HSM to encrypt them (a process called envelope encryption). Without the additional key, the original data is inaccessible.
External Key Storage for AWS is a complete service for AWS cloud infrastructures and complies with the most stringent data privacy regulations (GDPR, eIDAS), raising the level of sovereignty over your data in AWS, including the ability to encrypt with key material outside of the cloud provider.
With External Key Storage for AWS, Eviden simplifies key management by handling all the setup, management, and maintenance, from software and hardware to networking, while reducing costs.
How does it work?
In AWS, data is encrypted during transit at multiple levels, and AWS customers retain control over data encryption at rest. While data in AWS is encrypted with advanced algorithms, AWS Key Management Service (KMS) typically handles the encryption keys. For those seeking greater control over key management, we offer a trusted external hardware security module made in the EU.
- Provides encryption services for an end-to-end service, including deployment, operation and management by Eviden, with all support tiers and 24/7 operations.
- Protects sensitive and critical data by maintaining control of your encryption keys with additional keys generated from the HSM to encrypt them.
- Enables secure communication with the HSM by forwarding API calls through AWS KMS, and the key material never leaves the HSM.
- Integrates with most AWS services (Amazon EBS, AWS Lambda, Amazon S3, Amazon DynamoDB, and over 100 more services).
- Includes xKMgr, a component to manage the HSM key lifecycle through a REST API for easy DevOps integration.
For more details, refer to our Customer journey documentation.
Source: Eviden cybersecurity team
Certifications
The tamper-proof design of Trustway Proteccio netHSM has been certified with:
- Common Criteria EAL4+ certification
  - The cryptographic module
  - The communication module
- ANSSI QR (Enhanced Qualification)
  - Highest level of qualification
  - The only HSM with Enhanced Qualification
- European agreements
  - 100% European cryptography