Enterprise Secure Key Manager (ESKM)
The most interoperable and integrated Key Manager
- Securing capacity of more than 2 million keys for at least 25,000 clients and thousands of ESKM nodes
- Software included
- Designed to be utilized according to different security approvals: FIPS 140-2 Level 1, 2, 3 and 4 (physical) and Common Criteria
Key Benefits
Unprecedented Capacity
Capacity to manage more than 2 million keys, over 25,000 clients and thousands of ESKM hardware or virtual appliances.
Out-of-the box Software
Use ESKM right out of the box due to the pre-installed, digitally signed software which is verified for immediate use.
Fitting FIPS Certification Level
Choose the right level of FIPS certification for the business from four options.
Details
- Product description
- Key features
- Desployment options
- Further solutions
Secure Keys for Data at Rest, in Use, and in Motion – Fully FIPS Certified
Every organization has customer and employee data that must be protected. ESKM guards against organized attacks, misuse, and data breach exposure which can result in the loss of sensitive data, as well as harm a company’s reputation and brand.
Encryption is easy, and although key management may be difficult, it’s certainly not impossible. ESKM secures keys and provides centralized key management, saving time and money.
ESKM is the first industry-certified Key Management Interoperability Protocol (KMIP) v2.1 offering with market leading support for partner applications and pre-qualified solutions, integrating out-of-the-box with varied deployments, as well as custom integrations.
Cloud Integrations and BYOK
ESKM is collaborating with both Google and Microsoft Azure to help organizations transition securely to the cloud. With the BYOK - Bring Your Own Key - concept, enterprises encrypt their own data, retain control of their encryption keys, and do not give the control away to the CSP.
Key Control and Management through a single pane of glass
- Controls and manages all keys for auditing controls with digitally signed logs and key lifecycle activities
- Reduces audit costs and accelerates visibility
Streamlining Data and Processes
- Unified enterprise key management
- Reliable policy controls
- AESCentralized administration and audit trails to assist in control attestation
Easy Deployment and Simple Licensing
- Install, configure and simply drop in ESKM as hardware or as a virtual application.
- Access transparent client licensing, without hidden costs attached to volume of keys or scalability
Hardware-based Security on highest level
- Locking front bezel and dual pick-resistant locks provides security officers with dual control
- Security hardened Linux-based server appliance; designed as cryptographic module for FIPS 140-2 Levels 1, Level 2, Level 3 and Level 4 use cases
- Supports mirrored internal storage, dual networks, dual power, and redundant cooling
- Provides a terminal interface (serial RS-232C) and VGA for initial installation setup
Included Software for easy use
- Allows comprehensive monitoring, recovery, scheduled backups, and log rotations, restore functionality
- Web browser GUI and Command Line Interface supported
- Supports (among others): AES, 3-Key Triple DES, HMAC, RSA, and ECDSA key types
- Provides SNMP alerts and SIEM log monitoring
- Provides TLS and SSH for secure administrator remote access
Fulfills various compliance requirements
- Designed for NIST SP 800-131A and FIPS 140-2 Levels 1, Level 2, Level 3 and Level 4 requirements
- Certificate-based mutual client-server authentication, secure administration, and audit logging
- Common Criteria Evaluation Assurance Level (EAL 2+) certified
- Conforms with KMIP 1.0 through 2.1 specifications
- Performs automatic key replication, client load balancing, and fail-over
- Embedded Local Certificate Authority as an option to protect keys in transit
Single and centralized root of trust
- Stores the keys used for cryptographic functions by using the foundation on which all secure operations (including key retrieval of vESKM) depend upon
- Enables an inherently trusted ecosystem
Portfolio Support
- Further protection of keys at rest by integration of the Utimaco CryptoServer LAN HSM
- Full integration of vESKM (virtual appliance for FIPS 140-2 Level 1 use cases) with the UTIMACO GP Hardware Security Module: CryptoServer LAN V5
- Integration of ESKM L3 and L4 (physical) with embedded CryptoServer PCIe card
Robust Scalability and High Availability
- Geographically separates clusters across datacenters
- Thousands of clients, thousands of virtual or hardware appliances and millions of keys are supported
- Highly redundant hardware and failover
Convenient Administration
- Configuration and automated keys replication through active-active cluster
- Allows for hands-off administration
- Performs automated backups and audit logging
Most Interoperable
- Support for partner applications and pre-qualified solutions through the first industry-certified Key Management Interoperability Protocol (KMIP)
- OASIS KMIP allows communication with clients for key management operations on cryptographic material, including symmetric and asymmetric keys, certificates and templates
- Streamlines security policies with a single approach for consistent controls and compliance audits through moving to KMIP
- Both time and cost effective - a single system to learn, control, maintain and audit, as well the ability to integrate new applications without having to reinvest in management
- Avoid vendor lock-in and outdated technology
- Enforces best practices with universal, automated key lifecycle controls
Custom Integrations and Scaled Deployments
- Simplified RESTful API interface for key CRUD (Create, Read, Update, Delete) operations and crypto
- Supports open client libraries such as KMIP, OpenKMIP and PyKMIP
- Implements auto-registration with its native XML-based KMS protocol
- Supports the widest client integrations in the industry
Integrates with largest HPE ecosystem and third-party applications
- ESKM KMIP Integrations (BDT, Bloombase, Brocade, Cryptosoft, ETI-Net, Fornetix, Hitachi Vantara, IBM DB2, MongoDB, NetApp, OpenStack community, Project 6 Research, Quantum, Spectra Logic, Suse, Vmware, ZettaSet)
- HPE Security and Storage Solutions (Helion (OpenStack Barbican + HPSE), MF Autonomy (Connected MX Backup/Recovery), Nimble, NonStop, Secure Encryption (Proliant/smart array controller), SimplyVity/Hyper Converged, StoreEver, StoreEver Tape Library, StoreOnce, StoreServe 3PAR, XP, XP Storage)
Lower your costs and scale key management with Virtual Enterprise Secure Key Manager (vESKM)
- A virtual appliance is easily deployed
- For high availability
- Easy expansion within an existing environment
- Centralizes cryptographic processing, security policies and key management in a FIPS 140-2 Level 1 compliant platform
- Easily implement a virtual key management strategy
On-premise
Our on-premise options allow hosting the product directly on-site in your own network or data center.
- LAN Appliance
- Virtual Appliance
CryptoServer LAN V5
The general-purpose Hardware Security Module as network-attached appliance for the use in data centers. Designed to handle the most common business applications.
UTIMACO DKE Anchor
Two-tier security for the most sensitive data in Azure
Contact us
We look forward to answering your questions.