Cloud encryption key management service provider KeyNexus, a division of Dark Matter Labs (DML), is getting set to launch what it says is an ultra-secure cloud encryption key management service for Amazon Web Services (AWS) EBS storage partitions (AWS EC2). KeyNexus says its approach is disruptive, and it involves separating the "lock" from the "key," while at the same time promoting encryption interoperability across the public cloud. That means companies can store, manage and audit their encryption keys separately from the cloud. Here are the details.

KeyNexus Founder and CEO, Jeff MacMillan, will debut the product during a panel at the CloudBeat 2013 Conference in San Francisco this week. KeyNexus relies on appliances developed by Dark Matter Labs, also founded and led by MacMillan, that perform data encryption to protect data assets stored in databases, file systems and backups. KeyNexus uses these appliances to power key management for the cloud. The company says that this approach offers better security than systems that store encryption keys and data on the same cloud, or than enterprises that store keys in a less secure location on-site.

The company said the KeyNexus AWS solution offers the following key features:

  • Encryption for EBS storage partitions implemented on several variants of Linux Amazon Machine Instances (AMIs)
  • Remote management and rotation of encryption keys, enhancing governance, risk and compliance (GRC) objectives for organizations using the KeyNexus SaaS platform
  • Key provisioning interoperability between any cloud platform, application or device capable of connecting with KeyNexus’ APIs
  • Access protection for customer keys through deployment of nodes in multiple, redundant, geographically diverse, SSAE16 SOC-1 certified private datacenters across the United States, each co-located with hardware encryption appliances and connected to AWS via high-speed private fiber channels and virtual private networks. KeyNexus’ North American (and soon global) network of key management nodes will operate independently in each jurisdiction.

MacMillan said in his prepared remarks that there are partial solutions for cloud security management available today; however, many are cost-prohibitive and require a cloud vendor to manage all keys.

"If enterprises don’t store and manage encryption keys in a location that is separate from the data, it’s essentially like leaving a house locked, but with the keys in the door," he said. "This approach leaves data vulnerable and users without control or visibility into the key management process."

The company said its cloud encryption key management service will be available in late September 2013. Interested parties, though, can receive a notification of the general availability of the KeyNexus AWS offering by registering through the company's website.