+1.800.357.1019

+1.800.357.1019

Feel free to call us toll free at +1.800.357.1019.

If you are in the area you can reach us at +1.360.359.4400.

Standard support
6:30am - 4:00pm PST, Monday - Friday, Free

Premium support
If you own Townsend Security 24x7 support and
have a production down issue outside normal
business hours, please call +1.800.349.0711
and the on-call person will be notified.

International customers, please dial +1.757.278.1926.

Townsend Security Data Privacy Blog

Enterprise Key Management System (KMS) vs Cloud Key Service (KMS, Key Vault)

Posted by Patrick Townsend on Mar 16, 2020 3:38:00 PM

I am often asked about public cloud provider encryption key services like AWS KMS and Azure Key Vault. There are substantial differences between an Enterprise Key Management System (we have one) and the key services provided by Amazon and Microsoft (and Google has one, too). Enterprise Key Management Systems provide dedicated, full lifecycle key management under your exclusive control. Cloud key services provide a small subset of encryption key management support, in a non-dedicated, multi-tenant, shared environment. 

Perhaps the best way to show the differences is in a side-by-side table comparing our Alliance Key Manager for AWS and Azure, and Cloud Service Provider (CSP) key services:

Feature

Alliance Key Manager

Cloud Key Service

     

Standards

   

FIPS 140-2 Compliant

Yes

Back end only

OASIS KMIP compliant

Yes

No

     

Operational

   

Dedicated control

Yes

No, Shared Custody

Cross cloud

Yes

No

Mirror keys to on-premise

Yes

No

On-premise to cloud seamless migration

Yes

No

Backup off cloud

Yes

No

Key mirroring across regions/zones

Yes

No

Migrate to HSM

Yes

No

Automatic failover across regions/zones

Yes

No

     

VMware and Kubernetes

   

VMware encrypted VM support

Yes, certified

No

VMware encrypted vSAN support

Yes, certified

No

VMware vTPM support

Yes

No

     

Database & Application

   

SQL Server TDE support

Yes

No

MongoDB Enterprise Advanced support

Yes

No

MySQL Enterprise support

Yes

No

IBM DB2 support

Yes

No

Drupal

Yes

No

     

SDKs

   

Java

Yes

Yes

.NET (C#)

Yes

No

Python

Yes

Yes

C/C++

Yes

Yes

PHP

Yes

No

Perl

Yes

No

RPG

Yes

No

COBOL

Yes

No

 

Download Alliance Key Manager

Topics: Encryption Key Management

Blog-CTA-VMware-CSP
 
The Definitive Guide to AWS Encryption Key Management
 
Definitive Guide to VMware Encryption & Key Management
 

 
 

Subscribe to Email Updates

Recent Posts

Posts by Topic

see all