KeySecure for Government is a centralized key management platform that supports a broad encryption ecosystem for the protection of sensitive data-at-rest across traditional or virtualized data centers and public cloud environments.
Skip Navigation
  • Overview

    KeySecure for Government is a centralized key management platform that supports a broad encryption ecosystem for the protection of sensitive data-at-rest across traditional or virtualized data centers and public cloud environments.

    Derived from industry-leading technology, KeySecure for Government is available in either a hardware (G460) or virtual (G350v) appliance. KeySecure for Government supports a hardware root of trust utilizing a FIPS 140-2 Level 2 or 3 Luna for Government hardware security module (HSM) (embedded in hardware appliance or network-attached for virtual appliance) or the Amazon CloudHSM service (virtual appliance only).

    KeySecure for Government is manufactured, sold, and supported exclusively in the United States by SafeNet Assured Technologies.

    KeySecure for Government Use Cases

    KeySecure for Government use cases for centralized key management cover SafeNet encryption products and third-party solutions for backup media and storage, virtual workload and application encryption.

    • Backup Media: KeySecure for Government supports industry leading tape libraries, scalable backup and cloud archive solutions
    • Storage: KeySecure for Government supports leading storage platforms and cloud storage services 
    • Data Encryption Solutions: KeySecure for Government provides encryption solutions for data in various formats – structured (such as databases) and unstructured (file level encryption, big data) – ensuring appropriate access to users requiring the information and IT teams providing infrastructure support
    • Applications: KeySecure for Government supports application level encryption via SafeNet ProtectApp and integrations from cloud application partners


    Highlighted Capabilities

    • Heterogeneous Key Management. Manage keys for SafeNet encryption products as well as a large variety of third-party encryption solutions through an industry standard interface 
    • Multiple Key Types. Centrally manage Symmetric and Asymmetric Keys, secret data, and X.509 certificates along with associated policies.
    • Full Lifecycle Key Support and Automated Operations. Simplify the management of encryption keys across the entire lifecycle including secure key generation, storage and backup, key distribution, deactivation and deletion. Automated, policy driven operations simplify key expiry and rotation tasks.
    • Centralized Administration of Granular Access, Authorization Controls and Separation of Duties. Unify key management operations across multiple encryption deployments and products, while ensuring administrators are restricted to roles defined for their scope of responsibilities, from a centralized management console. Also, KeySecure for Government can utilize existing LDAP or AD directories to map administrative and key access for applications and end users.
    • High-Availability and Intelligent Key Sharing. Deploy in flexible, high-availability configurations within an operations center and across geographically dispersed centers or service provider environments using an active-active mode of clustering.
    • Auditing and Logging. Detailed logging and audit tracking of all key state changes, administrator access and policy changes. Audit trails are securely stored and signed for non- repudiation and can be consumed by leading 3rd party SIEM tools.
    • Next-Generation Storage and Archive Solution. Simplify secure storage and efficiently scale data centers while reducing costs and complexity.
    • Cryptographic Erase. Securely sanitize target media in compliance with NIST SP 800-88 Rev 1 by centrally managing key lifecycle.
  • Features & Benefits
    • Single, centralized platform for managing cryptographic content (keys and related data) and applications including the ability to perform high speed encryption/decryption operations
    • Use Case Expansion. Transform your key management appliance into a server that includes support for SafeNet encryption products
    • Lower Administration Costs. Lower the cost of key management and encryption with centralized administration and automated operations
    • Simplify Compliance. Efficiently audit key management practices, save staff time, and simplify attainment of compliance mandates with efficient, centralized auditing of key management practices such as FIPS 140-2, PCI-DSS, HIPAA
    • Security and Compliance for Cloud Environments. Take advantage of the lower costs of virtualized and cloud environments with flexible deployment options and appliance models covering physical and virtual environments such as VMware and AWS GovCloud, C2S and U.S. regions
    • Environment Independent Key Management. Key management policies and procedures are consistent whether deployed in a traditional data center, virtualized data center, cloud or a hybrid environment
    • Risk Mitigation with Maximum Key Security. Tamper-proof hardware options and hardened virtual appliance supporting a hardware root of trust with a FIPS 140-2 Level 2 or 3  Luna for Government hardware security module (embedded in hardware appliance or network-attached for virtual appliance) or the Amazon CloudHSM service (virtual appliance only).
    • Lower Total Cost of Ownership. Leverage a continuously growing list of 3rd party technologies leveraging SafeNet encryption products and the OASIS KMIP standard
    • Flexible Procurement Options. Scalable licensing and support models available through different procurement options via AWS Marketplace, IC Marketplace, or SafeNet Assured Technologies
  • Technical Specs

    API Support

    • Java, C/C++, .NET, XML open interface, KMIP standard

    Network Management

    • SNMP (v1, v2, and v3), NTP, URL health check, signed secure logs & syslog, automatic log rotation, secured encrypted and integrity checked backups and upgrades, extensive statistics

    Appliance Administration

    • Secure Web-based GUI, Command Line Interface


    • LDAP and Active Directory
    • Common Access Card Authentication
  • Integration Support
    • Analytics:  IBM Qradar, HPE ArcSight, Splunk, RSA Security Analytics, Above Security
    • Application Servers: IBM WebSphere, Oracle Weblogic, Microsoft IIS, Apache Tomcat, Red Hat JBoss
    • Backup Solutions: Commvault Simpana, Symantec NetBackup (via NetApp)
    • Cloud Storage: Nutanix, AWS S3 and C2S, DropBox, Google Cloud Storage, Google Drive, NetApp Cloud ONTAP, NetApp AltaVault, Panzura Storage Controller
    • Cloud Access Security Brokers: CipherCloud, SkyHigh Networks, Perspecsys (Blue Coat), Hitachi Sepaton VTL, CSC ServiceMesh, Netskope
    • Databases: MS SQL Server (EKM), Oracle (TDE), IBM DB2, Oracle MySQL, Oracle Database, Teradata
    • File and Disk Encryption: PKware, MongoDB
    • Identity Management: Centrify Privilege Service
    • Key Managers: Hadoop KMS, CloudEra Navigator Key Trustee Server, VMware
    • Physical Storage: NetApp NSE, Dell Compellent (SC and XC), HPE MSL/ESL Tape Libraries, HPE 3Par StoreServ, HPE XP7, Hitachi VSP, Hitachi HUS,  Hitachi RAID700, IBM XIV SED, Quantum Scalar Series(i6000, i500 & i40/80),Viasat, Brocade FS8-18
  • Model Comparison

    KeySecure for Government Model Comparison

    Feature G160 G460 G350v
    Form Factor Mini Appliance 1u Appliance AWS AMI or VMWare OVA
    Max keys 1,000 1,000,000 1,000,000
    Max concurrent clients per cluster 100 1,000 1,000
    Redundant hot-swap HDs & Power No Yes N/A
    Certification FIPS 140-2 Level 3 or HA Token FIPS 140-2 Level 3 FIPS 140-2 Level 1 Level 2 or 3 via HSM Integration Option
    HSM Integration eToken 5110 or HA Token Embedded Optional via Network Attached HSM