SENSITIVE DATA PROTECTION SOLUTION

DuoKey for AWS XKS

The DuoKey for AWS XKS module is now available for customers who have a regulatory need to store and use their encryption keys outside of the AWS Cloud or on premises.

Our products are designed to take cloud security beyond industry standards, guaranteeing no one can access your critical data without authorization.

Control
Control your own encryption keys while staying compliant
Protect
Protect all your AWS services with your own encryption keys
Track
Check which AWS services used your master keys to protect your cloud data

Protect your Data at Rest stored in AWS Cloud using our innovative MPC Key Management

AWS KMS forwards API calls to securely communicate with DuoKey for AWS XKS, ensuring that key material never leaves the XKS. This solution enables the encryption of data with external keys for most AWS services that support AWS KMS customer-managed keys, such as Amazon EBS, AWS Lambda, Amazon S3, Amazon DynamoDB, and over 100 more services. There is no need to change existing configuration parameters or code for these services.

Built with Security and Privacy in mind

This new capability, which uses secure multiparty computation (MPC) rather than traditional hardware security modules (HSMs), offers several significant advantages for customers moving data to AWS. AWS has no access to any encryption keys.

Protect your keys

AWS KMS uses DuoKey XKS to unwrap Data Encryption Keys (DEKs) for use by supported services. DEKs protected by our MPC KMS are encrypted by DuoKey XKS. This ensures that DuoKey XKS never sees the customer's keys.

Prevent data-leakage

Organizations can control their risk by using an MPC Key Management System (KMS) solution which is called by AWS XKS Proxy. This allows them to have exclusive control over their keys and data.

Always encrypted

This solution enables the encryption of data with external keys for most AWS services that support AWS KMS customer-managed keys, such as Amazon EBS, AWS Lambda, Amazon S3, Amazon DynamoDB, and over 100 more services.

SECURITY AND PRIVACY FIRST

MPC at scale to externalize your key management

When an AWS service is configured to encrypt data at rest, it requests a unique encryption key, known as the data encryption key, from AWS KMS. To protect these keys, AWS KMS encrypts them with a customer-managed key, also known as a root key. This is called envelope encryption, as the encrypted data and key are stored together.

The root key material is now generated using a secure multi-party computation (MPC) process. This ensures that the key material is never revealed in plain text to any single party, including AWS KMS.

Root keys can be tied to data classification, different AWS services, or project tags, and can be unique to each AWS Region. When you create and manage root keys yourself, they are called customer-managed keys. When they are created on behalf of an AWS service, they are called AWS-managed keys. All KMS encryption and decryption operations happen within the secure environment of the MPC.

 

SECURITY-FIRST

Granular Access Control Equals Robust Security

Granular access control provides strong authentication and authorizes individuals to access only the information they are allowed to use and see.

DuoKey has resolved an operational headache for us by letting us manage all keys in one place.

See our supported Key Vault for storing your encryption keys with AWS XKS.

DuoKey AWS XKS can use HSMs from industry vendors such as ATOS, Thales, Securosys and Entrust, and can also integrate our innovative MPC KmaaS powered by SEPIOR MPC.

Key vault logos shown: Securosys, Sepior, ATOS, Amazon Web Services, Fortanix.