Add Support for all the cryptographic protocols you don't already support
Enterprise Key Manager
Enterprises have existing IT infrastructure which represents a large capital investment. If an enterprise is to keep operating, then its IT infrastructure can’t fail, it can’t be replaced overnight, and it can’t be disabled or breached. Proper use of encryption tools is one of the best, and sometimes the only, ways to prevent breaches and the failures that lead to breaches. In order to make encryption useful and easy to use, it needs to integrate with the rest of the enterprise’s IT infrastructure.
Every enterprise has one (or more) Identity Management systems which can identify people, machines and applications which make up the information systems of the company. Everyone needs to encrypt some information, but they need to encrypt it for someone. Even if information is just encrypted so it can be backed up safely, someone must be able to decrypt and make use of the backup. Secure Channels’ Enterprise Key Management solutions help solve these problems by maintaining the relationship between encryption keys and the people, machines, or applications they belong to.
Unlike other solutions that only address a single area or technology, Secure Channels’ Enterprise Key Management solutions address multiple areas. They can support varying Levels of Assurance for authentication, expand the usefulness of a Public Key Infrastructure, or integrate with a SAML Identity Provider.
The Write-Only Escrow function of the Key Manager employs a public-key pair, and only the encryption key is kept on the Key Manager. Once configured, the decryption key is given to an authorized keyholder, and does not exist anywhere else. That makes it impossible to extract any of the escrowed information without it. If it were possible for a hacker to completely compromise the Key Manager, it would *still* be impossible for the hacker to get the escrowed information.
The keys and functionality are only available outside the box through the defined interfaces and protocols. The protocols are all mature and have all been fully vetted by the security community. Internally, nothing is stored on disk except in encrypted form, so it can be safely backed up on- or off-site with no additional precautions. Defensive programming techniques are used to erase keys from RAM once they are used, and the keys for the databases are kept in an HSM outside of RAM. Even if a hacker were able to get a memory image of the Key Manager while it was operating, no global compromise of the Key Manager would have occurred.
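As an added illustration of the Write-Only Escrow design and the erase-keys-from-RAM practice described above, not code from Secure Channels’ product: a Go model in which the Key Manager side holds only the keyholder’s public key, wraps a fresh per-record data key to it, zeroes that data key after use, and recovery is only possible where the private key lives. The hybrid scheme (AES-256-GCM with RSA-OAEP key wrapping), the type names and the sample record are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// EscrowBlob is all the Key Manager keeps per record: the data key wrapped to the
// keyholder's public key, plus the AES-GCM ciphertext. Neither reveals the plaintext.
type EscrowBlob struct{ WrappedKey, Nonce, Ciphertext []byte }

// WriteOnlyEscrow is the Key Manager side (hypothetical type): it holds ONLY the public
// half of the keyholder's pair, so it can add records but can never read them back.
type WriteOnlyEscrow struct{ Pub *rsa.PublicKey }

// aeadFor returns AES-256-GCM for a 32-byte key; neither call can fail for such a key.
func aeadFor(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// Escrow seals one record under a fresh data key, wraps that key to the keyholder's
// public key with RSA-OAEP, and zeroes the data key before returning.
func (e *WriteOnlyEscrow) Escrow(plaintext []byte) (*EscrowBlob, error) {
	buf := make([]byte, 32+12) // AES-256 data key followed by a 96-bit GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	dataKey, nonce := buf[:32], buf[32:]
	defer func() { for i := range dataKey { dataKey[i] = 0 } }() // erase the data key from RAM
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, e.Pub, dataKey, nil)
	if err != nil {
		return nil, err
	}
	return &EscrowBlob{wrapped, nonce, aeadFor(dataKey).Seal(nil, nonce, plaintext, nil)}, nil
}

// Recover runs only where the private key lives (the authorized keyholder), never on
// the Key Manager; a memory image of the Key Manager holds no key that opens the blob.
func Recover(priv *rsa.PrivateKey, b *EscrowBlob) ([]byte, error) {
	dataKey, err := rsa.DecryptOAEP(sha256.New(), nil, priv, b.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	return aeadFor(dataKey).Open(nil, b.Nonce, b.Ciphertext, nil)
}
```

The keyholder generates the pair off the Key Manager (for example with `rsa.GenerateKey`) and hands over only `&priv.PublicKey`; `Recover` with any other private key fails at the OAEP unwrap.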
Since the Key Manager has custody of “the keys to the kingdom”, multiple layers of defense are used to prevent any external breach of your most important secrets.