Ensure enhanced encryption key control and data security for Google Cloud with CipherTrust Key Broker service on Thales Data Protection on Demand. CipherTrust Key Broker is integrated with Google Cloud EKM to make it easy for you to follow security and key management best practices, while leveraging the power of Google Cloud for compute and analytics.

Keep your encryption keys separate from your sensitive data in Google Cloud

Thales has integrated CipherTrust Key Broker service with Google Cloud EKM, providing enhanced encryption key control and data security for Google Cloud Platform users. Leveraging the industry leading Thales Data Protection on Demand security-as-a service platform, CipherTrust Key Broker for Google Cloud EKM is now exclusively available on the Google Cloud Marketplace.

Retain possession and control of your keys, while still being able to store and process data in the cloud

By generating encryption keys using CipherTrust Key Broker — separate from where your sensitive data is being hosted — you can verify the origin and quality of the keys you’re providing to the cloud provider, while maintaining the original version of the key outside of the Google Cloud environment.

You always hold your master keys in a Thales Luna Cloud HSM, which acts as the trust anchor for the CipherTrust Key Broker solution. This provides a FIPS 140-2 Level 3 certified root-of-trust, and ensures separation between data and encryption keys, helping to fulfill compliance and security requirements.


Meet security mandates and compliance:

  • Key access justifications – decide when and why data can be decrypted
  • Enhanced key usage policies and access control
  • Maintain key provenance
  • Audited / distributed key availability

Streamline operations and centralize key management:

  • Simplify the management of encryption keys including: secure key generation, storage, distribution, deactivation and deletion outside of the cloud environment where data is stored
  • Low latency without compromising on performance when carrying out key management operations and controls

Simplify configuration and deployment:

  • Google Cloud EKM is a cloud native API, that interacts with the CipherTrust Key Broker via a single URL which simplifies configuration, deployment and is easy to consume
  • Key store and configuration options for enhanced control over where encryption keys reside
  • Key caching capabilities to appropriately balance risk, control, security, performance and operational complexity when protecting cloud workloads
  • CipherTrust Key Broker for Google Cloud EKM is available in the Thales Data Protection on Demand platform, a cloud-based service that offers:
    • Key management capabilities deployed within minutes
    • No need for specialized hardware or associated skills
    • Secure generation and storage of master keys in a Luna Cloud HSM (separate from Google Cloud), maintaining strict access and controls

To learn more about the features and benefits of this solution, visit the Thales website, or download the solution brief.

Helpful Resources

Questions? Please contact your Thales sales representative.