CipherTrust Key Broker for Google Cloud EKM: Create and control encryption keys outside of Google Cloud
CipherTrust Key Broker is integrated with Google Cloud EKM to make it easy for organizations to follow security and key management best practices, while leveraging the power of Google Cloud for compute and analytics.
Organizations are able to securely create and control encryption keys separate from where their sensitive data is being hosted. By generating encryption keys using CipherTrust Key Broker, organizations can verify the origin and quality of the keys they are providing to the cloud provider, while maintaining the original version of the key outside of the Google Cloud environment.
Organizations hold their master keys in a Thales Luna Cloud HSM, which acts as the trust anchor for the CipherTrust Key Broker solution. This arrangement provides a FIPS 140-2 Level 3 certified root-of-trust and ensures separation between data and encryption keys, helping to fulfill compliance and security requirements.
Solution Overview
- Securely create and control encryption keys separate from where sensitive data is being hosted
- Verify the origin and quality of the keys being brought to the cloud
- Maintain master keys outside of the Google Cloud environment in a Thales FIPS 140-2 Level 3 certified root-of-trust