Gemalto Safenet KeySecure

Encryption Key Management with Gemalto SafeNet KeySecure provides complete protection, ownership, and control of your data and cryptographic keys on virtual machines, dedicated physical devices, on-premises, or in the cloud. Additionally, multi-factor authentication with SafeNet Authentication Service (SAS) ensures a secure login process for accessing popular SaaS applications.

Cloud Data Security Challenges


While moving to the cloud can enable flexibility and cost savings, the ability for a third party to access plain text data presents organizations with new security challenges like:

  • Ensuring data security in third-party environments
  • Complying with data privacy and security regulations, such as EU GDPR
  • Meeting data residency requirements
  • Controlling user access to SaaS applications and sensitive data

Maintain Data Privacy
and Security in the Cloud


Vaultive and Gemalto provide a solution to fill in cloud security gaps by integrating Vaultive’s Cloud Security Platform with Gemalto’s SafeNet KeySecure and SAS. This joint solution allows organizations to encrypt SaaS application data before cloud exposure while securely protecting their encryption keys in a centralized location. It also enforces continuous authentication post-login when users perform potentially risky actions or access sensitive data – the Vaultive platform can detect this and invoke SAS to re-authenticate or step-up authentication.

Beyond BYOK


Even with native security features like bring your own key (BYOK), cloud service providers still require access to your keys in order to preserve application functionality. While this approach can reduce risk, it doesn’t completely solve advanced security use cases such as blind government data requests and insider threats.

Seamless Integration Provides Centralized Encryption Key Management


Vaultive’s integration with SafeNet KeySecure supports the following deployment options for storing encryption keys on a KMIP-based server:

  • Store keys using Virtual KeySecure, a FIPS 140-2 Level 1-validated, hardened virtual security appliance.
  • Store keys using KeySecure with a FIPS 140-2 Level 3 internal hardware root of trust (RoT).
  • Store keys using KeySecure with a FIPS 140-2 Level 3 hardware RoT using SafeNet Network HSM or Amazon Web Services (AWS) CloudHSM.

Key Benefits

Improved Cloud Data Security

Best-practice methods ensure data is encrypted at the boundary of an organization’s protected network, and IT teams retain exclusive control and management of encryption keys

Continuous Cloud Authentication

Provide contextual access controls by enforcing two-factor authentication based on user behavior in SaaS applications.

Easy Management and Consolidation

An integrated solution for both cloud encryption and key management reduce the cost and effort of securing multiple cloud services and managing the keys for disparate security solutions.

Multiple Deployment Approaches

Manage and deploy encryption keys in physical, virtual, and public cloud environments.

Flawless User Experience

Patented processes preserve characteristics of the data so that it can be indexed, searched, and sorted while remaining encrypted, with no end user training or action required.

Sole Ownership of Encryption Keys

Using the Key Management Interoperability Protocol (KMIP) standard, SafeNet KeySecure can centrally manage the data owner’s keys.

Ready to secure your cloud data, manage your encryption keys, and control user access with an integrated solution?