Thales announced the launch of its CipherTrust Cloud Key Manager integration with the AWS External Key Store, a feature of the AWS Key Management Service announced at AWS re:Invent 2022.

Following an increased call for enhanced sovereign controls amid growing regulatory requirements, the integration enables organisations to retain control of their encryption keys when migrating their sensitive data to the AWS cloud, the company states.

Developed with Thales since its inception, the AWS External Key Store combined with CipherTrust Cloud Key Manager offers organisations looking to move critical workloads to the cloud a way to maintain sovereign control of sensitive data throughout their digital transformation journey.

Ken Beer, General Manager, Key Management Service at AWS, says, “We’ve had a strong technical collaboration with Thales on the development of the AWS External Key Store specification from the very beginning, in part due to their long history of expertise developing hardware security modules and key management services.

"The cloud has become a critical point of operation across businesses, and our combined expertise provides a way of helping organisations address specific needs and know they’re getting industry-best security controls in the process.”

According to theThales 2022 Cloud Security Study, encryption is the number one choice to protect data in the cloud. However, only about one-third (29%) of respondents report total control of their keys to encrypted data in the cloud.

User-controlled encryption and key management in hybrid IT are essential safeguards to enforce digital sovereignty in a modern data-driven world governed by privacy compliance mandates, regulated sectors, or general IT security recommendations such as the Shared Responsibility Model and the NIS2 Directive.

CipherTrust Cloud Key Manager ensures AWS External Key Store customers can satisfy these urgent regulatory requirements by leveraging strong encryption and data security methods that allow organisations to manage their data separately from the cloud service provider, the company states.

Such a safeguard, also known as Hold Your Own Key (HYOK), enables organisations to maintain key ownership separate from the cloud data store.

Heleen Herselman, VP AWS Powerhouse at T-Systems Cloud Service, says, “Varying data protection regulations across countries have presented a challenge for global organisations migrating to the cloud.

"The CipherTrust Cloud Key Manager simplifies this challenge and ensures we remain compliant while taking advantage of all the benefits of leveraging cloud services. The ability to lean on Thales solution has become especially important, as we, and other organisations, increasingly rely on multi-cloud environments.”

CipherTrust Cloud Key Manager is a multi-cloud encryption key life cycle management solution that supports all major public cloud service providers. With a marked increase in multi-cloud adoption, this solution allows users to centralise key management across all clouds, the company states.

Todd Moore, VP, Encryption Products at Thales, says, “This is the first integration on the market to solve a major pain point for AWS cloud customers: how can they utilise protected data in the AWS cloud while retaining encryption keys outside the cloud.

"As an industry leader in key management solutions, we are proud to offer an encryption solution that provides the ability to maintain external control of keys and cryptographic operations using those keys. CipherTrust Cloud Key Manager is at the forefront of advanced digital sovereignty. We’ll continue to introduce cutting-edge security and compliance features that support organisations in their digital transformation journeys.”