“Key management will become important as more devices add cryptographic capabilities and thus more data is encrypted. I think NeoScale has done a fantastic job of addressing this market direction with real products.”
- Jon Oltsik, Analyst
Enterprise Strategy Group
CryptoStor KeyVault™
Enterprise-Class Key Management
NeoScale's award-winning CryptoStor KeyVault is the industry's first secure, automated and open enterprise-class appliance for data-at-rest encryption key management. From its FIPS 140-2 Level 3 compliance to its open APIs allowing 3rd party vendor integration, CryptoStor KeyVault provides customers with significant operational cost savings today while consolidating their key management systems in the future. CryptoStor KeyVault delivers automated key management that allows one-step disaster recovery, secure sharing of data with business partners and key sharing with unprecedented security and ease of use.
Key and Policy Management
Highest Level of Security
A FIPS 140-2 Level 3 tamper-proof appliance ensures the foundation of security is solid. All hardware, software, firmware and user operation are covered by the FIPS certification, leaving no weaknesses. Building on that foundation, secure communications between CryptoStor KeyVaults, NeoScale appliances, and 3rd party key management systems are assured with mutual session authentication using public/private key pairs and SSL/TLS protocols. At no time are keys ever exposed unencrypted outside of the secure tamper-proof appliance.
Highest Level of Automation
The management of enterprise encryption keys is too important to leave to chance with complex manual operations. The chance of user or operator error is just too high, especially in critical situations such as disaster recovery. CryptoStor KeyVault automates all of the essential key lifecycle activities, eliminating any chance of failure.
Security managers decide when and where keys should be made available and create Trust Relationships to automate their decisions. Once made active, Trust Relationships automatically ensure that keys are available when and where they are needed, and only to properly authenticated consumers.
Highest Level of Openness
CryptoStor KeyVault is made open to 3rd party developers through published APIs (Application Programming Interfaces), sample code, technical references, technical briefs and other documentation to help development.
Global Key Management
NeoScale's Global Key Management delivers a tiered strategy for complete key security while ensuring recovery of encrypted tape information from any authorized location.
Global Key Management has been delivered in every one of NeoScale's appliance products to date and is now extended and enhanced to the Enterprise tier through CryptoStor KeyVault.
- Tape and Disk – Key-per-tape, key-per-disk, key-per-session security for maximum granularity
- Appliances (CryptoStor Tape, CryptoStor Disk) – FIPS operation mode ensures that unencrypted keys never leave the appliances. CryptoStor further supports M of N (shared secret) backup and recovery of system keys and configuration data for secure appliance recovery.
- Data Center – CryptoStor clustering automatically shares keys and policy data between clustered appliances to ensure automated recovery via any active clustered appliance. If an appliance fails, a replacement appliance can be quickly authenticated and synchronized with the remaining cluster members.
- Enterprise-wide – Using CryptoStor KeyVault, CryptoStor Tape appliances can now support worldwide tape recovery through any authorized CryptoStor appliance or CryptoStor Tape Recovery Software application. This allows automated and secure sharing of media and keys between datacenters, one-step disaster recovery of keys, and secure sharing of encrypted media with business partners.

Key Applications
- Segregated key domains protect categories of keys/data allowing service to be provided to many users
- Keys can be made automatically accessible from multiple data centers for flexible and secure sharing of one or all keys
- Once a disaster (or disaster test) is declared, a single click is all that is needed to make the offsite keys accessible at the disaster site
- Individual keys can be securely made available to partners
- Investment protection through open and active integration with 3rd party key producers such as encrypting tape drives, encrypting storage arrays, backup applications, databases, proprietary key managers and custom applications
Highlight Specifications
- Tamper-proof enclosure meeting FIPS 140-2 Level 3 requirements
- Role-based access using security best practices
- Cryptographically signed audit log
- System Key Security using SmartCards
- SmartCard authenticated access
- M of N key recovery (shared secret)
- All keys encrypted and stored within the cryptographic boundary of the appliance
- Support for millions of keys
- Unlimited number of key domains
- Web GUI, CLI
- SSL/TLS communications and SSH remote access
- Authenticated and role-based users: administrator, security officer, recovery officer, key domain manager, auditor
- 2U, 30 lb, 19” rack mountable (17”x30”x3.5”)
- Hot swappable, redundant fans and universal power supplies
- 100/240 VAC, 50/60Hz, 460W
- FIPS 197: Advanced Encryption Algorithm
- FIPS 180-2: Secure Hash Standard
- FIPS 186-2: Random Number Generator
- FIPS 186-2: Digital Signature Standard
CryptoStor KeyVault FAQs