News
Launch of SkyKey™ fulfils enterprise vendors’ dream: secure data with customer control
February 2013 by Marc Jacob
CertiVox, a provider of web 2.0 security services, announced the official launch of SkyKey™, an automated, hosted encryption key management service for ISVs and cloud services providers. SkyKey puts secure control of data back into the hands of vendors’ enterprise customers - but without costly proxies and certificates, cumbersome PKI infrastructure, or manual scripting.
Until now, vendors of cloud applications and services (and their developers) have been unable to offer effective, suitable encryption key management for their enterprise customers’ use. Two challenges arise around this, one technical and one commercial:
The technical challenge - Security in enterprise services is not 1-to-1 or static. File transfer or collaboration applications are a good example. Variable numbers of users have constantly changing degrees of access to constantly evolving folders, across multiple devices (PC, smartphone, tablet) and may join, depart or re-join at any time. Traditional security approaches, such as PKI, simply cannot scale to these levels, because the management of the security certificates and encryption keys involved is a highly manual process.
The commercial challenge – The traditional PKI approach also places control of the encryption keys in the hands of the vendor/developer, not the customer. Many regulated industries (for example, banking) legally require that the encryption keys be controlled by the customer on-premise, so vendors simply cannot address this market.
The launch of SkyKey means that both these challenges are now comprehensively addressed. Firstly, SkyKey is an Infrastructure as a Service (IaaS) solution that enables developers to easily embed encryption key management into systems, communication layers and applications, in a way that scales and grows automatically. Secondly, enterprises that, for regulatory or other reasons, need to run their key management on-premise, can use a distributed form of the SkyKey service, in which the keys are managed from within the enterprise’s own datacentre.
Technical information
SkyKey is supplied as an API, with an optional SDK for added flexibility. Developers can simply use the API and/or the SDK to embed SkyKey into their applications. The SkyKey SDK is open source and can be downloaded for free from CertiVox.
SkyKey creates random encryption keys, which are themselves encapsulated (i.e., encrypted) using an identity that is authorised to access the key. That identity is used to create a key manifest. Only authorised identities that are intended to decrypt the data can de-encapsulate and access the encryption key.
