We are excited to announce the availability of two optional add-ons to Keyfactor’s already flexible and robust SaaS-delivered PKI and certificate management solutions via Keyfactor Command. SaaS Private Connector for Azure and BYO-Keys for App-Level Encryption further enable clients to fit the needs of their unique regulatory, security, and policy requirements.
These releases are a direct response to the needs and feedback of our clients and fellow industry professionals. They are meant to help answer the critical needs of secure infrastructure and service communication channels surrounding PKI.
Bring Your Own Keys (BYOK) for application-level encryption
New to SaaS-based deployments of Keyfactor Command, BYOK for application-level encryption debuts thanks to increasing demand for customers to generate and store database encryption keys used for Command within a hardware security module (HSM) that they control.
“Database encryption keys are always stored securely and protected for all of our cloud-based clients,” says Bryan Uhri, Product Manager for Keyfactor’s PKI as a Service (PKIaaS) and Certificate Lifecycle Automation as a Service (CLAaaS). “This option provides customers with additional flexibility and sovereignty when they have specific requirements to retain control of those encryption keys within an HSM that they own and manage.”
Through our partner, Fortanix, and their Data Security Manager (DSM), customers can use their own cloud-based HSM to store database keys, or use an on-premise HSM of their choice through the DSM Gateway. While inherently increasing the security and policy-compliance of deployments for customers with stringent security controls, this also ensures that control of data accessibility lies with our clients; further ensuring the integrity and confidentiality of data.
All clients currently leveraging Keyfactor Command SaaS or Command PKIaaS can now take advantage of this new enhancement. If you’re an existing client, reach out to your account team for more information. If you’re new to Keyfactor Command, request a demo today.
SaaS Private Connector
The new SaaS Private Connector allows clients to connect Keyfactor-managed solutions hosted in Azure — either Certificate Lifecycle Automation as a Service (CLAaaS) or PKI as a Service (PKIaaS) — directly to their own Azure tenant. This model leverages Azure Private Link, eliminating the need to send traffic over the Internet, which allows clients to tunnel application traffic on their own terms and control access from within their network, while also ensuring continuous uptime and availability of critical resources.
The new feature cuts out the need for complex VPN or firewall configuration, giving clients complete control over the connection and the traffic between their Azure-based services and Keyfactor’s solutions. Additionally, connectors can stack, allowing for multiple connections to different tenants.
We’re excited to provide clients with even more flexibility and control over how they protect their critical assets. Stay tuned for more information as we continue to deliver new capabilities throughout the coming year.