Encryption and Key Management for AWS

Alliance Key Manager for AWS

Encryption and Key Management for AWS

Alliance Key Manager for AWS allows organizations to protect data easily in AWS while mitigating the risk of data loss in a cloud environment.  Using the same NIST compliant AES encryption and FIPS 140-2 compliant technology found in Townsend Security's HSMs, Alliance Key Manager for AWS brings strong encryption security and key management to Amazon Web Services as an Amazon Machine Image (AMI). 

    Complete Cloud Data Encryption Solution

    AWS Advanced Technology PartnerTownsend Security's Alliance Key Manager (AKM) for AWS allows enterprises to properly manage their encryption keys while meeting security requirements in less time and at a lower cost. While it is not possible to perform FIPS 140-2 validation in a cloud service provider context, Alliance Key Manager uses the same FIPS 140-2 compliant key management technology available in Townsend Security's HSM and in use by over 3,000 customers worldwide. Alliance Key Manager for AWS provides full life-cycle management of encryption keys for a wide variety of applications to help organizations meet PCI DSS, HIPAA, and PII compliance at an affordable price.

    Ready to Use Virtual Appliance

    When Alliance Key Manager for AWS is launched for the first time, it will automatically generate a certificate authority, client-side credentials, and create encryption keys that you can immediately use with SQL Server, Oracle, SharePoint, MySQL, and other applications you run in Amazon Web Services.

    Cost-Effective Encryption Key Management

    With no end-point license fees and adopting the AWS cloud computing model where users only pay for what they use, encryption and key management fits within the most modest budget.

    Encryption Key Management, Wherever Your Data Is

    Alliance Key Manager for AWS can be used to protect your data wherever it rests – whether it is in the cloud or in your on-site data center.  Businesses can trust that their data is safe with a proven encryption and key management solution.

    Never Lose Access to Your Encrypted Data

    Because Alliance Key Manager for AWS supports real-time key mirroring across different AWS availability zones, customers never have to worry about losing their encryption keys.  Alliance Key Manager for AWS was designed from inception to be a resilient, centralized encryption key management solution with seamless backup and recovery.

    Client-Side Applications

    At no extra charge, Alliance Key Manager for AWS includes ready-to-use security applications for Microsoft SQL Server Transparent Data Encryption (TDE) and Cell Level Encryption, Microsoft SharePoint encryption, Key Connection for Drupal and other applications. There are never extra fees for deploying client-side applications.

    Encryption Key Management in AWS GovCloud

    Public Sector, Government, Education, and other regulated customers can purchase Alliance Key Manager with flexible payment options in AWS GovCloud. These agencies can use the key manager to create and manage encryption keys that protect data in their applications and databases running in GovCloud. From Personally Identifiable Information (PII) to sensitive patient medical records, Alliance Key Manager can help customers address compliance in AWS GovCloud.


    Encryption Key Management for Edge Computing

    Edge computing requires that applications and infrastructure move closer to end users to achieve performance and availability goals. For edge computing customers, this often means that application deployments move to cloud or remote on-premise facilities. With Alliance Key Manager for Edge Computing, businesses can affordably extend Alliance Key Manager to edge environments - in the cloud or on-premise.


    Deployment Options to Meet Your Needs

    Townsend Security offers the AWS customer a variety of choices about where to run Alliance Key Manager:

    • Amazon Web Services AMI
    • Virtual Private Cloud Within AWS
    • VMware


    Deployment & Training Services Are Included
    Complexity is usually the largest concern in integrating encryption key management.  Townsend Security has simplified the process. When businesses choose Alliance Key Manager, they not only receive industry leading encryption key management, but free deployment and security hardening services. Townsend Security’s services team will: 

    • Install and initialize Alliance Key Manager (AKM) virtual image
    • TLS certificate management, download and expiration date tracking
    • Redundancy implementation of mirroring
    • Backup configuration support
    • Security log forwarding via Syslog
    • MFA activation
    • Installation and configuration of Admin Console for key lifecycle management
    • Key retrieval configuration including vSphere, SQL TDE, MongoDB TDE, etc... 


    Amazon Web Services, the “Powered by Amazon Web Services” logo, are trademarks of Amazon.com, Inc. or its affiliates in the United States and/or other countries.

    Certifications and Validations

    NIST AES compliance (ECB and CBC modes of encryption)

    NIST SHA validation

    NIST RNG validation (x9.31)

    NIST HMAC validation

    NIST FIPS 140-2, level 1




    Microsoft SQL Server

    Key Sizes

    AES 128, 192, 256 bit symmetric keys

    RSA 1024,2048, 3072, 4096 bit asymmetric keys

    Network Management



    Automatic log rotation

    Secure encrypted and integrity checked backups