Gemalto is now part of the Thales Group, find out more.
Contact Us

Bring Your Own Key (BYOK) with SafeNet KeySecure and ProtectApp

Using Gemalto's SafeNet KeySecure with SafeNet ProtectApp, enterprises can bring their own encryption keys (BYOK), to a growing number of cloud environments. Gemalto currently has Bring Your Own Key integrations with Amazon Web Services Key Management Services (AWS KMS),, Microsoft Azure, and a CSEK integration with Google Cloud Platform, with more cloud services and applications coming soon.

Enterprises that are hosting their sensitive data in these clouds are able to further protect their data by securely creating and managing their own encryption keys, separate from the cloud service provider’s where their sensitive data is being hosted.

Enterprises can securely create and manage their own encryption keys with SafeNet Key Secure and SafeNet ProtectApp

Enterprises can use SafeNet KeySecure to create encryption keys in their own environment, and then securely wrap and export those keys to the cloud. SafeNet KeySecure simplifies the management of these encryption keys and can make automated policy-driven operations easy for tasks such as key expiry.

  • Centralized management of encryption keys
  • Full lifecycle key support and automated operations
  • Consolidated administration of granular access, authorization controls, and separation of duties
Bring Your Own Key - KeySecure ProtectApp BYOK

Gemalto's Bring Your Own Key/Customer Supplied Encryption Keys Solution - Features and Benefits:

Utilizing Gemalto’s BYOK/CSEK solution provides greater control of your encryption keys, and helps strengthen the security of your key management, while still realizing the benefits that hosting your data in the cloud has to offer. 


SafeNet KeySecure allows organizations to utilize a secure appliance (physical or virtual), to manage and maintain ownership of their keys, data encryption, and enforce access controls across cloud environments

Simplifies the management of encryption keys across the entire lifecycle including: secure key generation, storage/backup, distribution, deactivation and deletion

Generate and wrap your own encryption keys that are then securely delivered to the cloud service provider’s environment

By generating your own keys, you can verify the origin and quality of the keys you are providing to the cloud service provider, strengthening the security of your organization’s key management practices

Securely archive and remove encryption keys and key caches from the cloud environment that your sensitive data is hosted in 

Using keys that you did not provide can grant unauthorized  access to your encryption key material – securely generating, delivering and managing your own encryption keys helps eliminate this risk

Help meet security mandates and compliance with a more auditable usage model

SafeNet KeySecure enables you to prove ownership and management of your encryption keys, and provides audit logs that are securely stored and signed for non-repudiation and can be consumed by leading 3rd party SIEM tools

Featured Resources:

Alphabet Soup HYOK, BYOK, CSEK: Deciphering Multi-Cloud Security

On-Demand Webinar: "Alphabet Soup HYOK, BYOK, CSEK: Deciphering Multi-Cloud Security”

Learn more about the benefits of centralized key management and the differences between BYOK, HYOK and CSEK in the on-demand version Gemalto’s joint webinar with 451 Research: "Alphabet Soup HYOK, BYOK, CSEK: Deciphering Multi-Cloud Security”. Topics include:

  • Building a multi-cloud security strategy
  • Best practices, benefits and pitfalls of managing your own keys
  • Impact of regulations on data protection in the next few years
  • Understanding the different cloud service provider’s requirements for key management
Watch the Webinar

Back to Top

Contact Us

Thank you for your interest in our products. Please fill out and submit the form to receive more information about Gemalto or to be contacted by a Gemalto specialist.

Your Information

* Email Address:  
* First Name:  
* Last Name:  
* Company Name:  
* Phone:  
* Country:  
* State (US Only):  
* Province (Canada/Australia Only):  

By submitting this form I agree to receive information from Gemalto and its affiliates as described in our Privacy statement.