For many large enterprises, ownership and control of encryption keys is a baseline requirement for SaaS adoption. IronCore's Customer Managed Keys (CMK) lets SaaS application vendor offer performant, per tenant encryption with integrations to all major key management infrastructures. Get to market faster and sell more to security-conscious customers.
2. ironcorelabs.com// @IronCoreLabs
WHAT IS CMK?
Per-tenant encryption for some data
All data access is logged in an audit trail
Master key(s) used to decrypt are held by the customer
Customer can revoke access
3. ironcorelabs.com// @IronCoreLabs
GDPR / NEW PRIVACY REGS TRICKLE-DOWN FEATURES
DATA SOVEREIGNTYBREACH APOCALYPSE
ANALYSTS BEST PRACTICES
In part because of breach disclosure laws and in
part due to the climbing complexities of systems,
big companies are getting pwned left and right
and making big headlines.
New privacy laws mean companies must have
greater control of and visibility into their data to
operate in various countries.
Analysts love CMK and are out telling companies
that they should be demanding it.
The top-tier companies now offer CMK so companies
are trying to push it to their other vendors.
In many jurisdictions, certain data isn’t allowed to
leave (in readable form). An alternative to creating
data centers everywhere is to keep the keys in-
country.
Folks, including especially analysts, are starting
to call CMK a “best practice” and this has huge
implications for what companies are contractually
(ie with insurance provider) and legally (ie with
HIPAA) obligated to do.
ironcorelabs.com// @IronCoreLabs
WHY?
Everyone is getting more sensitive to storing data in the cloud
10. ironcorelabs.com// @IronCoreLabs
Only a few lines of code.
(EDEK, ciphertext) = IRON.encrypt(metadata, plaintext);
plaintext = IRON.decrypt(metadata, ciphertext, EDEK);
(DEK, EDEK) = IRON.wrap(metadata);
DEK = IRON.unwrap(metadata, EDEK);
INTEGRATION IS SIMPLE