KeySecure G160 for High Assurance is a tactical cryptographic key management platform that protects and manages cryptographic keys and associated policies used to encrypt the most sensitive data-at-rest in remote and tactical environments. This cost-effective solution is conducive for deployments ranging from small enclaves to a large disconnected environments.
KeySecure G160 for High Assurance’s small form factor enables it to be easily deployed across bandwith-limited mobile data centers. It enables rapid tactical key destruction and recovery to keep mission-critical data safe even in the most hazardous environments.
KeySecure G160 for High Assurance is manufactured, sold, and supported exclusively in the United States by SafeNet Assured Technologies.
KeySecure G160 for High Assurance Use Cases
KeySecure G160 for High Assurance brings the same-level of cryptographic key management found in traditional data centers to tactical environments such as:
- Forward Deployed Environments
- Disconnected Environments
- Forward Operating Bases
- Mobile Command Centers
- Forward Mission Operations
- Disaster Recovery Centers
KeySecure G160 for High Assurance integrates with SafeNet encryption products and third-party solutions for data, storage, virtual workload, and application encryption.
- Storage: supports leading storage platforms and cloud storage services
- Virtual Machine Encryption Provides a “keys in hardware” solution for virtual machine encryption
- Data Encryption Solutions:Provides encryption solutions for data in various formats including structured, unstructured and Self Encrypting Drives with SafeNet AT ProtectSED
- Applications:Supports application level encryption via SafeNet ProtectApp and integrations from cloud application partners
- Heterogeneous Key Management. Manage keys for SafeNet encryption products as well as a large variety of third-party encryption solutions through an industry standard interface
- Key Types. Centrally manage Symmetric Keys, secret data, and X.509 certificates along with associated policies.
- High Assurance.The included HA token provides on-board cryptographic processing capabilities through its embedded hardware security module. The HA token within the KeySecure G160 for High Assurance is used as a secure root of trust for key generation, secure key storage, and encryption/decryption. The HA token is capable of performing all private and public key cryptographic functions inside the token.
- Full Lifecycle Key Support and Automated Operations. Simplify the management of encryption keys across the entire lifecycle including secure key generation, storage and backup, key distribution, deactivation and deletion. Automated, policy driven operations simplify key expiry and rotation tasks.
- Centralized Administration of Granular Access, Authorization Controls and Separation of Duties. Unify key management operations across multiple encryption deployments and products, while ensuring administrators are restricted to roles defined for their scope of responsibilities, from a centralized management console.
- High-Availability and Intelligent Key Sharing.Deploy in flexible, high-availability configurations within an operations center and across geographically dispersed centers or service provider environments using an active-active mode of clustering.
- Auditing and Logging. Detailed logging and audit tracking of all key state changes, administrator access and policy changes. Audit trails are securely stored and signed for non- repudiation and can be consumed by leading 3rd party SIEM tools.
- Next-Generation Storage and Archive Solution.Simplify secure storage and efficiently scale data centers while reducing costs and complexity.
- Cryptographic Erase.Securely sanitize target media in compliance with NIST SP 800-88 Rev 1 by centrally managing key lifecycle.
KeySecure for Government Model Comparison
||G160 for HA
||AWS AMI or VMWare OVA
|Max concurrent clients per cluster
|Redundant hot-swap HDs & Power
||FIPS 140-2 Level 3
||FIPS 140-2 Level 1 Level 2 or 3 via HSM Integration Option
||Optional via Network Attached HSM