Encryption & Key Management HSM in the Cloud

Alliance Key Manager Cloud HSM

Encryption & Key Management HSM in the Cloud
800.357.1019
800.357.1019

Alliance Key Manager Cloud HSM enables enterprises to meet encryption and key management compliance requirements for data security in cloud environments using dedicated Hardware Security Modules (HSMs). Townsend Security’s Alliance Key Manager Cloud HSM FIPS 140-2 compliant and in use by over 3,000 organizations worldwide.

Encryption Keys Under Your Control

With Alliance Key Manager Cloud HSM, enterprises can increase their level of security by safely managing encryption keys outside of their cloud service provider’s (CSP’s) infrastructure. The solution is cloud agnostic and offers encryption and key management to applications running in Amazon Web Services, Microsoft Azure, Rackspace, and many other cloud environments.
 

Secure & Compliant Encryption Key Management

Townsend Security works with TierPoint to offer a pair of production and high availability (HA) key servers in geographically dispersed data centers under ITIL-based control environments independently validated for compliance against PCI DSS and SOC frameworks.
 
With Alliance Key Manager Cloud HSM users and cloud partners can protect sensitive data with a dedicated HSM that has been validated to government standards. By working with a third-party hosting partner, only you have access to the key management HSM - no access is available to your cloud service provider, hosting provider, or Townsend Security.
 

Pricing Options for Your Budget

Unlike other Cloud HSM offerings, Alliance Key Manager Cloud HSM includes two key servers (production and high availability failover) at no additional charge and at a substantially lower cost, and you won’t pay additional client-side license or usage fees.  
 

With Alliance Key Manager You Can:

  • Create, protect, store, and distribute encryption keys with tamper-evident HSM appliances. Only your security administrators have access to the HSMs.   
  • Deploy your own key retrieval software or leverage Townsend Security’s rich library of sample code for key retrieval and on-device encryption. Developer resources are available for Java, PHP, Perl, Python, C/C++, C#, PL/SQL, COBOL, and RPG. Database support include MySQL, Microsoft SQL Server, MongoDB, and others.                 
  • At no extra charge, deploy Townsend Security’s Key Connection application for Microsoft SQL Server Transparent Data Encryption (TDE) and Cell Level Encryption (CLE), Microsoft SharePoint encryption, and other applications. There are never extra fees for deploying client-side applications.
  • Meet compliance regulations for system log collection - without interference by your cloud service provider. 
  • Create secure backups of your key database.
  • Achieve true separation of duties and dual control that are mandatory for regulatory compliance and security best practices.
  • Deploy fully redundant, highly available, mirrored key servers with geographic separation for the highest possible uptime for any data protection need. You can even integrate key management HSMs with key servers hosted in your data center.
Certifications and Validations

NIST AES compliance (ECB and CBC modes of encryption)

NIST SHA validation

NIST RNG validation (x9.31)

NIST HMAC validation

NIST FIPS 140-2, level 1

OASIS KMIP

Client-side Applications

Microsoft SQL Server Transparent Data Encryption (TDE)

Databases

MySQL

Microsoft SQL Server

Key Sizes

AES 128, 192, 256 bit symmetric keys

RSA 1024,2048, 3072, 4096 bit asymmetric keys

Network Management

NTP

Syslog-ng

Automatic log rotation

Secure encrypted and integrity checked backups

Specifications

Features Hardware Security Module (HSM), VMware, Cloud HSM, or Cloud (AWS, Microsoft Azure) AES 128, 192, 256 bit keys Secure key retrieval with TLS Encrypt/Decrypt with AES 128, 192, 256 Encrypt/Decrypt with AES ECB and CBC modes of encryption Maximum keys: Unrestricted Maximum clients: Unrestricted High availability mirroring for failover and load balancing; Mirror selective keys; multiple mirror servers. Active-Active or Active-Passive. Key access controls by user and group Dual control Server management via secure web browser Key management via Windows GUI console Systems management with syslog-ng, logrotate, etc. Tamper-evident case option   Hardware Memory: 2GB RAM Processor: Intel I3-540, DUAL CORE, 3.06GHZ Storage: 2 x 300GB 15K SAS, RAID, Hot Swap Dimensions: 16.8” (W) x 1.7” (H) x 16.8” (D) Weight: 37.0 lbs ship weight Power: Dual redundant 100/240 VAC  (auto-range); 280W, 955 BTU/HR Temperature: 10°C ~ 35°C Humidity: 8 to 90%, non-condensing Compliance: CS, FCC, RoHS, VCCI - See more at: http://townsendsecurity.com/products/encryption-key-management#sthash.0JjoiCQm.dpuf

Specification Features

Features Hardware Security Module (HSM), VMware, Cloud HSM, or Cloud (AWS, Microsoft Azure) AES 128, 192, 256 bit keys Secure key retrieval with TLS Encrypt/Decrypt with AES 128, 192, 256 Encrypt/Decrypt with AES ECB and CBC modes of encryption Maximum keys: Unrestricted Maximum clients: Unrestricted High availability mirroring for failover and load balancing; Mirror selective keys; multiple mirror servers. Active-Active or Active-Passive. Key access controls by user and group Dual control Server management via secure web browser Key management via Windows GUI console Systems management with syslog-ng, logrotate, etc. Tamper-evident case option   Hardware Memory: 2GB RAM Processor: Intel I3-540, DUAL CORE, 3.06GHZ Storage: 2 x 300GB 15K SAS, RAID, Hot Swap Dimensions: 16.8” (W) x 1.7” (H) x 16.8” (D) Weight: 37.0 lbs ship weight Power: Dual redundant 100/240 VAC  (auto-range); 280W, 955 BTU/HR Temperature: 10°C ~ 35°C Humidity: 8 to 90%, non-condensing Compliance: CS, FCC, RoHS, VCCI 

Solution Briefs

Alliance Key Manager

Alliance Key Manager (AKM) is a solution that provides Enterprise customers, OEMs, and ISVs with a secure method of managing encryption keys for their data security applications.

Alliance Key Manager Cloud HSM

On the road to protecting sensitive data assets in the cloud, data encryption remains one of the most difficult goals.

Alliance Key Manager Cloud HSM - FAQ

This document contains a collection of the answers to the most common questions people ask about Alliance Key Manager Cloud HSM.

Datasheets

Alliance Key Manager

Alliance Key Manager works with all major business platforms, cloud platforms, and leading encryption applications.