Data Security and Key Management - Thales e-Security




Enterprise solution for centralizing key management

What does keyAuthority deliver?


Automates key lifecycle policies from generation to destruction across global enterprises to avoid the complexity and inconsistencies of relying upon manual operations that are prone to error


Vaults keys in a FIPS 140-2 Level 3 designed high-assurance, reliable appliance to lower risk of key abuse and theft during long-term data retention periods, while preventing and notifying on tampering events


Accelerates solution adoption by pre-qualifying integration with leading encryption products, which helps to ensure fast deployment and reliable performance for meeting data protection requirements


Centralizes management using a single, unified system to access and audit keys for reliable attestation of key distribution and use across diverse enterprise applications


Integrates multiple encryption silos to reduce management overhead and realize cost savings using a reliable, systematic approach that scales as new applications are deployed

keyAuthority® version 4.0 from Thales e-Security is a hardened cryptographic key manager that provides high levels of assurance to users of applications and systems with embedded encryption. keyAuthority supports widely accepted industry standards, including the Key Management Interoperability Protocol (KMIP) standard, to allow comprehensive endpoint interoperability. Centralized administration provides consistent key lifecycle policy enforcement with reliable auditing to ensure data recovery and long-term business continuity. Enterprises now have a high-performance key management solution that scales to support encryption requirements today and in the future. Its security boundary, which includes the entire chassis for higher assurance protection, has been designed to FIPS 140-2 Level 3.

New Product of the Year                            GEA-Gold      

keyAuthority® Partners

Pre-qualified Partner Solutions

Thales partners with industry-leading solution vendors to deliver integrated encryption management systems that help to quickly meet legal and regulatory mandates. Pre-qualified solutions accelerate deployment by minimizing deployment risks while maximizing cost efficiency through a simplified, reliable approach.




Hitachi Disk Storage Systems

    • Virtual Storage Platform (VSP)
    • Hitachi Unified Storage (HUS) VM
    • Hitachi Unified Storage (HUS) 150




IBM Storage Systems

    • TS3100
    • TS3200
    • TS3310
    • TS3500




Quantum i-Series Tape Libraries

    • i40
    • i80
    • i500
    • i6000





Virtual Tape Library

    • S2100-ES3 Series 2926







Big Data Security

    • Secure Hadoop Encryption


keyAuthority® Features & Benefits

Security Features & Benefits

  • Key Protection Assurance: Attack-resistant and tamper-evident hardware delivers high-assurance protection for keys and the information they safeguard.
  • Key Lifecycle Automation: Automated policy enforcement makes it easier for organizations to implement best practices in key management and achieve consistent security by reducing the risk of manual errors.
  • User Role Separation: Multi-factor authentication, role-based access controls, and support for dual controls enable strong separation of duties and ensure authorized access to keys and devices.
  • Reliable Audit: Secure audit facilities enable reliable compliance reporting and verification of controls in place.
  • Risk Visibility: Report events and backup data securely to other systems through standard interfaces including syslog for logging, SNMP and email alerts, NFS and SCP for backups, and more.

Operational Features & Benefits

  • Consistent Policy: Centralized administration streamlines management of keys and encryption processes across even the most complex, heterogeneous global environments, enabling organizations to implement a consistent security model and reduce operating costs.
  • High Availability: A performance-optimized solution that includes key backup and synchronized key replication helps to ensure high availability; redundant hot-swappable components provide fault tolerance and quicker recovery.
  • Integrated Storage Solutions: Qualification of leading storage encryption products simplifies and accelerates deployment for both proprietary and KMIP standards-based solutions.
  • Group Partitioning: Group and domain separation supports multi-tenancy for applications, enabling management services to be streamlined, while accommodating unique regulatory and organizational segregation needs.
  • Flexible Scalability: A single, consistent interface for management across multi-vendor products extends to a broad range of encryption products, so you can scale new enterprise applications from one to many with confidence as new applications become available.

keyAuthority® Specifications

keyAuthority offers industry-leading operational performance and security assurance in a 2U appliance enclosure designed to FIPS 140-2 Level 3. The tamper-responsive and tamper-evident server design delivers unparalleled key protection compared with alternative software-only, soft appliance, and HSM plug-in card approaches.

With the ability to partition groups of keys, applications and users across multiple virtual domains, keyAuthority scales key management across a global environment, allowing a single, centralized system to coordinate a diverse landscape of storage encryption products.



  • Key Storage: 25 Million (total across HA cluster)
  • Domain Partitions: 64 (total for appliance cluster)
  • 1,000 (total for all domains)
  • Client Devices: 2,000 (endpoints per cluster)
  • Key Generation*: >50 per second
  • Key Storage*: >25 per second
  • Key Retrieval*: >200 per second
  • Security Certifications: FIPS 140-2 Level 3 designed
  • Protocol Compliance: KMIP 1.2 (OASIS Standard); IBM (SKLM/TKLM Proprietary)

* AES 256 key generation, storage and retrieval lab benchmarked.

 Options & Accessories

  • Multi-domain support (multi-tenancy) licensing.
  • Replication license for high availability appliance pair.
  • Field-replaceable appliance fans and power supply units (PSUs).
  • Additional smart cards and readers for user role and system recovery.

For more information about keyAuthority specifications, download the keyAuthority Data Sheet.