SafeNet KeySecure is an
Enterprise Key Management (EKM) solution
that enables a single, centralized platform for managing cryptographic keys, certificates and applications. As the use of encryption proliferates throughout the corporation, security teams must scale their management of encryption keys, including key generation, key import and export, key rotation, and much more. With KeySecure, administrators can simultaneously manage multiple, disparate encryption appliances and associated encyrption keys, passwords and certificates through a single, centralized key management platform.
Heterogeneous Key Lifecycle Management
With KeySecure can centrally manage and record key attributes, state changes and key provisioning for disparate encryption solutions.
Granular Policy Administration
KeySecure enables granular authorization controls based on user key permissions. Existing
access controls can be automatically retrieved from
LDAP/Active Directory services and further defined within the KeySecure Administration
console to provide an additional layer of access management.
Centralized Monitoring and Auditing for Compliance Mandates
KeySecure has built-in auditing, logging, and alerting for
facilitating compliance mandates. All keys are securely managed, key ownership is clearly
defined, and key lifecycle management and modifications are recorded and securely stored
providing a non-repudiative audit trail of key state changes.
View Specification
Resource Library
Security
- NIST FIPS 140-2 Level 3 for SafeNet LUNA® PCI-e Cryptographic Module embedded encryption card (validation in process)
Cryptography:
- AES, 3DES, DES, RSA (signatures and encryption), RC4, HMAC SHA-I – SHA512, SEED encryption
Key Management Protocol
- OASIS KMIP (Key Management Interoperability Protocol) 1.0 Specification compliant
- NIST 800-57 Key Lifecycle support
- Symmetric Key, Asymmetric Key, Opaque, Secret Data, Template
- Operations: Create, CreateKeyPair, Register, Get, GetAttribute, GetAttributeList, Locate, Query, Add/Delete/Modify Attributes
Role-based Management Control
- Multiple restricted roles can be defined for each administrator
- Automated, self-contained key management
- Multi-credential administrative authorization for sensitive security operations
Key Availability and Capacity
- Secure key replication to multiple appliances
- Intelligent key sharing via key sharing groups
High Availability and Redundancy
- Active-Active mode of clustering
- Multiple geographies
- Hierarchical clustering
Supported Technologies
API support
- iCAPI, KMIP, PKCS #11, JCE,MSCAPI, and .NET
Network management
- SNMP (v1, v2, and v3), NTP, URL health check, signed secure logs & syslog, automatic log rotation, secured encrypted and integritychecked backups and upgrades, extensive statistics
System administration
Supported Directory Services
- LDAP and Active Directory services
Deployment Options
KeySecure k460
- Up to 1 million symmetric & asymmetric keysstored per cluster
- Up to 1,000 concurrent clients
Supported Appliances
- Hardware Security Modules (HSM)
- SafeNet LUNA SA
- SafeNet LUNA PCI
- NAS, SAN & DAS Storage appliances
- SafeNet's storage encryption solution, StorageSecure
- NetApp NSE, DataFort and LKM
- SAN Switches
- Brocade Encryption Switch (BES)
- Tape Libraries
- Cloud Encryption/Virtual Instances
- KMIP-compliant servers and clients
KeySecure k150
- Up to 25,000 symmetric & asymmetric keys stored per cluster
- Up to 100 concurrent clients
Supported Appliances
- Tape Libraries
- Cloud Encryption/Virtual Instances
- KMIP-compliant servers and clients
View Feature & Benefits
Resource Library
Centralized Key Administration.
A single, centralized key management console
to manage encryption keys and their lifecycle for disparate encryption solutions
. Consolidating key management allows administrators to monitor all encryption key
activities for tape and disk-based storage platforms, SAN switches, databases, applications,
and more.
KMIP Compliant.
Enables the management of c
ryptographic modules and storage devices from different vendors
within a single centralized key lifecycle management system.
Hardened, self-contained, tamper-proof key management appliance.
There are no servers to set up or software to install and maintain, reducing your operating costs, and freeing security and IT personnel. As your environment grows and evolves, KeySecure appliances can be easily added as needed. Keys are automatically replicated among nodes of the cluster.
Safeguards keys
against theft, tampering, and unexpected system failures. KeySecure centralizes all key
management activities, including key signing, role-based administration, quorum control, and
the backup and distribution of encryption keys across the enterprise.
For sensitive security
operations, KeySecure allows you to stipulate multiple credential authorization from more
than one administrator.
Resiliency and Availability.
KeySecure clustering enables multiple KeySecure appliances to
share configuration settings in an active-active mode. Configuration changes are replicated
instantly to all the members within the same cluster.
Cloud Ready.
KeySecure and the associated data is only
accessible to authorized administrators and users. KeySecure is highly scalable for large
implementations across cloud zones and cloud providers. Cloud administrators are able to
manage and maintain servers without accessing the data or risking data security.
View How to Buy
Resource Library