Scalable Object-Level Encryption

Encrypt every object with a unique key. A single TrustedKMS™ cluster scales to billions of keys under management, and handles thousands of transactions per second.

Strong Access Control and Separation of Duties

End users and authorized systems only have access to the data they're supposed to see. Your TrustedGateway™ administrators make access control decisions, but have no access to data. Your TrustedKMS™ administrators manage the TrustedKMS™ cluster, but make no access control decisions, and have no access to data. Your encryption keys never leave the TrustedKeep™ security boundary.

Strong Auditing and Monitoring

Every operation is audited, and all audit is exportable to your elastic™ stack. Notifications can be generated on the fly as objects are stored, retrieved, and deleted.

API Compatible With Amazon's Simple Storage Service (S3)

TrustedKeep™ acts as a transparent proxy to S3. You can rely on TrustedKeep™ to encrypt each object you store with one or more unique keys, while knowing that your cloud provider does not have access to those object-level keys or your master keys.

Compatible with Amazon's KMS

For your most sensitive workloads, encrypt your data with TrustedKeep™ and a Customer Managed Key (CMK) from Amazon's KMS.

Highly Available and Geographically Distributable

TrustedGateway™ is stateless and can scale to your workload, while TrustedKMS™ can be distributed across data centers or AWS regions. All operations are consistent within a datacenter or region, and eventually consistent across datacenter / region boundaries.