SALT LAKE CITY – April 3, 2018: Venafi®, the leading provider of machine identity protection, today announced the debut of Venafi Advanced Key Protect, a new solution that allows users to generate strong encryption keys from a central hardware security module (HSM). Venafi Advanced Key Protect integrates with industry-leading HSMs, including Thales and Gemalto, allowing customers to ensure consistent use of strong cryptographic keys throughout the enterprise.
“In the age of security risks like Meltdown and Spectre, the threats against machine identities cannot be understated,” said Kevin Bocek, vice president for security strategy and threat intelligence at Venafi. “Harnessing the power of HSM key generation to improve security has been time-consuming, expensive and error-prone. Now with Venafi Advanced Key Protect, security teams no longer need to trade off speed and crypto-agility for compliance. Venafi is excited to work with our HSM partners to deliver this powerful innovation to our mutual customers.”
As the number of vulnerabilities and attacks targeting encryption keys increases, it is imperative that enterprises utilize stronger keys. Because organizations that deploy HSMs lack the ability to manage their keys centrally, it is difficult to consistently enforce enterprise policy controls. Lack of central management capabilities also makes automation of the entire key life cycle problematic. To address this issue, many organizations create custom scripts that require ongoing maintenance or use manual, error-prone processes.
Venafi Advanced Key Protect delivers an out-of-the-box solution that overcomes these challenges. As an add-on module to the Venafi Platform, the security solution applies policy and workflow controls that enable fast, automated key orchestration. Together, these capabilities make it possible for enterprises to ensure they consistently use the strongest cryptographic keys possible.
Key benefits of Venafi Advanced Key Protect include:
- Out-of-the-box compliance with enterprise policies and industry regulations, including Payment Card Industry Data Security Standard (PCI DSS) 3.6.1 and 3.6.3.
- Automation of strong centrally generated keys across the entire extended enterprise.
- Ability to maintain private keys under strict policy controls in a secure, centralized location.
- Dramatic reduction of risk of compromise via side-channel attacks, including Spectre and Meltdown.
“It’s critical for businesses in tightly regulated sectors, such as financial services and healthcare, to secure their machine identities,” said Hari Nair, director of product management and cryptographic researcher at Venafi. “With Venafi Advanced Key Protect, organizations can leverage the power of HSMs to generate and guard strong machine identities. This capability is essential for securing communications within and outside of the enterprise.”