StorMagic Key Management-as-a-Service (KMaaS)

Click here to download this data sheet in PDF format.

StorMagic KMaaS is a cloud-based encryption key management service that delivers painless security for any encryption workload. It allows businesses of all sizes to centrally store, manage, and consolidate key management functions across on-premise, private cloud, public cloud, hybrid cloud, SaaS, and a range of edge applications and endpoints.

Flexible

StorMagic KMaaS is incredibly flexible, with the ability to integrate with any encryption workflow, and connect to any location, anywhere. It supports data-at-rest encryption for database, storage, application and custom use cases, as well as data-in-transit for authentication, transactions, and data transfer. It also enables the consolidation and management of existing hardware security modules (HSMs) through a single pane of glass, as well as support for a multitude of new workflows such as cloud, SaaS, PaaS and IoT.

Robust

With StorMagic KMaaS, customer keys are always secure, and always accessible. It delivers powerful high availability, through the virtual appliance’s hardened design, and load balanced clusters that protect against distributed denial-of-service (DDoS) attacks. Superior data protection is achieved through the solution’s multi-level key security and strong authorization methods. The multi-tenanted architecture secures data through tenancy isolation, segmented databases, and workload boundary enforcement.

Simple

StorMagic KMaaS is easy to deploy, enabling customers to implement enterprise-wide key management in less than 5 minutes. It offers an exceptionally intuitive user experience, to easily manage users, groups and integrations, quickly create keys, and oversee the full key lifecycle. Administration is effortless, thanks to the wizard setup experience, painless backup and restore capabilities, and the ability to implement role based access control. Advanced reporting and behavioral insight enable detailed auditing and logging, dashboard alerts, and syslog exportable to popular SIEMs.

StorMagic KMaaS Features

StorMagic KMaaS offers access to all of the features of our enterprise-grade SvKMS encryption key management software, in a fully managed, multi-tenanted cloud service. It is secured and powered by redundant, FIPS 140-2 compliant, hardened virtual appliances, and is delivered through a highly available, geo-dispersed architecture.

Robust Crypto Operators
  • Supports many different key algorithms, including symmetric and asymmetric key types.
  • Formats include the following: AES 128, 192, 256, – RSA 2048, 3072, 4096 Elliptic curve (ECDSA) – support of 85 curve algorithms.
  • Enables users to choose the algorithm that fits their needs.
Programmatic Key Rotation
  • Retires outdated encryption keys and generates new cryptographic keys to replace them.
Painless Backup and Restore
  • Saves and stores the current SvKMS state for future restoration.
  • Set on-demand and scheduled backups to an external location, restoring them when required.
KMIP Server
  • Only one key management service is necessary to facilitate all key encryption requirements.
  • Deploy as a KMIP server in a virtual environment in minutes, for a fraction of the cost and effort of an HSM.
  • Reduce overheads/administration related to managing encrypted data, such as tape drives, databases, storage array and software, through centralized management.
REST API
  • Applications can connect, interact and integrate directly with SvKMS.
  • A common interface for key management operations (get, fetch, rotate, etc).
  • Build automation workflows and integrate with use cases limited by previous standards like PKCS#11.
Any Workflow
  • BYOK allows companies to encrypt data and retain control and management of encryption keys, even in the cloud.
  • Leading edge KMIP adoption, to enable communication with all systems and environments.
  • Extend the reach of HSM’s to a multitude of new workflows.
Full Key Lifecycle Management
  • Ensure compliance and enact robust key policies.
Advanced Authentication
  • Secure single-sign-on (SSO).
  • Cryptographically layered key wrapping.
  • Tokenization and Certificate authentication.
Detailed Auditing and Logging
  • Analyze and report on key management activities to uncover potential threats.
  • Collects data through the use of the syslog format, which can then be exported to external SIEM tools.

Pricing and Licensing

StorMagic KMaaS is available as a subscription service and can be purchased for 1, 3 or 5 year terms. Keys must be purchased separately and are available in key packs, starting at 50 keys, which can be combined to create a specific total based on the organization’s requirements. Key packs last for one year and the correct number of packs must be purchased to cover the length of the subscription.

Platinum-level maintenance and support during the subscription period is covered by the subscription fee – no further charges are required. For full details of what is included in StorMagic’s Platinum-level support, please refer to the StorMagic support policy.

For specific pricing and for more information about how StorMagic KMaaS can be purchased, please contact your local StorMagic sales representative or email sales@stormagic.com

Third Party Integrations

There are a number of additional storage and database integrations for StorMagic KMaaS that allow it to simplify the key management of an organization’s infrastructure. The integrations are identical to those available with StorMagic SvKMS and are generally achieved through the use of KMIP. The integrations are listed below:

Integration Explanation
VMware vSphere and vSAN Enables vSphere VM encryption, via KMIP integration
Nutanix Enables the use of self encrypting drives (SEDs), via KMIP integration
IBM DB2 SvKMS can create a centralized key store when using DB2 native encryption
MongoDB Enables data-at-rest encryption through storage-based symmetric key encryption, via KMIP
NetApp ONTAP SvKMS can act as a key management server for volume encryption, via KMIP
Veritas SvKMS can act as the key management server for Veritas Netbackup encryption, via KMIP
Commvault Using KMIP, SvKMS protects Commvault software encryption keys stored in a CommServe database

 

Further details on these integrations and how they can be implemented can be found within the SvKMS Manual.

Click here to download this data sheet in PDF format.