We are pleased to announce the official release of CipherTrust Manager (CM) and CipherTrust Cloud Key Management (CCKM) Version 2.13.1 with added support for AWS and Google. In addition, Data Discovery & Classification (DDC) is adding the discovery of secrets.
New Features and Enhancements
Below are highlights from this release. See the full Release Notes here.
Google Coordinated External Key Manager UI is generally available
To give key users control without requiring them to become experts on CipherTrust Cloud Key Management (CCKM) and security, Google created “Google Coordinated External Keys.” Google Coordinated External Keys are an abstraction layer, allowing GCP customers to create External Key Manager (EKM) endpoints directly from the Google console (the exact same thing we create when using solely CCKM) and someone else manages the CCKM environment. Security sees and manages all the keys in dedicated “cryptospaces” within CCKM.
Use Case 1: Sovereign cloud partners (supporting only GCP) buy and manage the CCKM environment. They don’t want their customers logging into CCKM. They want their customers to configure (enable, disable, rotate) their keys directly on the Google console (and behind the scenes, the keys are created on CCKM which serves as an external key manager).
Use Case 2: A large organization (supporting only GCP) may have their security department configure CCKM on the backend and their customers (lines of business within the organization) configure their keys directly on the Google console and everything is stored on CCKM.
For more detail, check Thales Docs.
External CipherTrust Manager as a new key source for CCKM
It makes sense to put your CCKM in the DMZ because CCKM connects to the internet – but you need to keep your source key in a more secure location. Logically, you relied on Hardware Security Modules (HSMs) as the external key source.
You can now store your source keys in an external CipherTrust Manager (CM) cluster in a secured network (on-prem or cloud-based) while your CCKM is in the DMZ with a local CM that stores only metadata from the CSP.
We support both CM and HSM as an external key source.
For more detail, see Thales Docs.
Migration
Source keys can be migrated from Data Security Manager (DSM) to external CM.
For more detail, check Thales Docs.
AWS IAM Roles Anywhere
CM is a secrets management platform with no issue storing static credentials, but sometimes companies cannot grant static credentials.
AWS IAM Roles Anywhere is a workaround for companies with a security policy that prohibits the use of static or long-term credentials. AWS IAM Roles Anywhere enables customers to use static credentials by obtaining temporary security credentials in IAM using X.509 certificates that are issued by a certificate authority and can be used in place of static or long-term credentials.
For more detail, check Thales Docs.
Read the full announcement at the Data Protection Technical Blog for additional detail.
Quick Links
CipherTrust Manager v2.13 Release Notes
CipherTrust Cloud Key Management PB – July ‘23
CM Product Brief –Sept ‘23
CDSP Product Brief – June ‘23
CDSP Datasheet –Sept ‘23
CipherTrust Data Discovery and Classification introduces support for secrets discovery
Thales is expanding the capabilities of CipherTrust Data Discovery and Classification (DDC) to include secrets discovery, beginning with over 20 InfoTypes in the v.2.13.1 GA release—including AES Key, Auth Secrets, and SSH keys. The external marketing announcement for secrets discovery is planned for Q1’24.
CipherTrust DDC efficiently identifies sensitive data in structured and unstructured locations both on-premises and in the cloud to help customers close compliance gaps. With the addition of secrets discovery, Thales continues to expand the types of system data that can be discovered by DDC. Secrets discovery complements CipherTrust Secrets Management powered by Akeyless Vault to help customers discover and centrally manage secrets to reduce the risk of exposed secrets and improve security posture.
The full list of InfoTypes supported by DDC is available on Thales Docs.
To learn more about challenges and best practices for managing secrets, check out the Enterprise Secrets Management Explained blog post.
Joint blog with Microsoft – live!
Check out this blog for an endorsement from Microsoft!
Cloud Key Management Solution for Azure, Azure Stack and M365
