Zserver Storage EKMS

Enterprise Key Management Server (EKMS)

 Encryption of data is by far most secure way of protecting information available today. It offers unparalleled security, if implemented correctly. Until recently, this protection came with significant overhead of the encryption keys administration and management. This is because encryption keys are not easily replaced or recovered. In fact, data encrypted with a strong algorithm and a long enough key are virtually unbreakable and irrecoverable if the key is lost. On the other hand, any disclosure of the key to an unauthorized party or a system can easily result in costly data breaches. Therefore, it is imperative for an enterprise to fully understand the encryption key management life cycle before committing to a solution. 

Encryption Key Quorum

The Zserver Enterprise Key Management Server (EKMS) is built by data encryption experts with deep knowledge and understanding of data encryption complexity and  key management challenges organizations are facing today. EKMS was designed with a paradigm that no single entity should be granted sole possession of an encryption key. This is implemented by means of encryption key quorums. An encryption key quorum is a minimum required number of two or more key fragments to assemble the encryption key. For example, an organization can safely generate high number of key fragments (up to 75) and set the quorum to 2 fragments. This will enable the organization to provide each system administrator with a single key fragment, requiring at least two administrators to load the encryption key. This process effectively eliminates dependency on any single staff member, while abolishing the need to re-encrypt data when key fragment is lost or employee leaves the organization. Key fragments are stored on smart cards or other secure storage media.

Centralized Secure Encryption Key Repository

Safekeeping of encryption keys is facilitated by centralized repository encrypted by a master key. Master key can be generated using encryption key quorum (recommended). This provides enhanced security of keys used to encrypt company’s data. EKMS extends roll-based granular access management to both the repository and the keys themselves, allowing segregation of duties, such as generating keys, accessing key particulars, loading keys from EKMS, other administrative tasks.

Auto-Loading Encryption Keys

Server maintenance often requires servers to be taken offline and restarted. This causes encryption keys offloading from memory. While working with several servers may not impose significant administrative overhead, operating hundreds or more, manually loading the keys is much more challenging. EKMS allows streamlining these tasks by automatically loading corresponding encryption keys when servers are brought back online. EKMS ensures server integrity by validating each server’s certificate prior to loading the key, avoiding any network conflicts or changes in hardware. 

Managing Cloud Security

Security in “the cloud” is a major obstacle that prevents many organizations from employing this computing services delivery model and taking advantage of available cost savings. By outsourcing all or some parts of its IT functions (or infrastructure), an organization often relinquishes the ownership and/or control over its informational assets to a third-party provider. This is a tremendous risk for many businesses, as they struggle to assess their cost savings against potential damages from data breaches or losses. With EKMS support, Zecurion offers several solutions to companies looking to utilize “cloud” services for their data backups or other needs. Within Zecurion framework, a company would host EKMS internally, thereby maintaining encryption keys, while outsourcing server or data hosting to an outside vendor. For more information, please refer to our “Cloud”-based solutions, or contact us directly.

Click here to register and see Zserver Storage in action.