A man sits at a computer and types

Take control of your data on AWS

Cloud data security requires encryption. Use an external key management system outside the cloud for safety

Encryption leads the way, but key management is crucial

Enterprise-level cloud usage requires strong encryption measures. This is what various regulations like EU-GDPR, EU Standard Contractual Clauses, or Binding Corporate Rules expect from enterprises when they state, “appropriate technical and organizational measures to protect data”. That covers beyond pure encryption – where encryption keys are stored and managed.

Innovation with AWS cloud needs to meet compliance demands

AWS Badge

AWS offers a huge portfolio of security services on its platform. For encryption, e.g., the Key Management Service (KMS) and Cloud Hardware Security Modules (HSM) are provided as on-platform services. But this convenient approach usually doesn’t meet the requirements of authorities, especially when it comes to workloads for customers in regulated industries or to processing sensitive data. Also, many cloud users want to comply with internal guidelines to protect company-internal data. Management of keys on the cloud provider’s platform isn’t sufficient to achieve the desired level of control of data.

E-Book: Delivering higher level of security and compliance on AWS

How to use AWS also for sensitive data? Our e-book shows a way with a focus on Data Protection as a Managed Service.

External Key Management for AWS

T-Systems and AWS together designed “External Key Management for AWS” (EKM) to solve this challenge and to comply with EU regulations. With the solution, the key management is separated from cloud service usage. AWS customers fulfill regulatory demands, achieve a high-security level, and can exploit the innovation capabilities of AWS cloud. T-Systems provides the solution in a fully scalable manner from a T-Systems data center in Frankfurt. To provide a good user experience, EKM is seamlessly integrated with AWS. Furthermore, it includes end-to-end logging and monitoring of key access for full auditability.

Rely on an experienced AWS security partner from Europe

EKM is offered as a module under the roof of Data Protection as a Managed Service (DPaaS). But clients can opt to use it as a stand-alone offering for their AWS usage. T-Systems is an AWS Premier Consulting Partner with an additional AWS-certified Security Services competency and provides long-standing expertise for cloud security.

We take GDPR compliance very seriously at ITONICS, so when we were researching how to comply with the Schrems II ruling, we started looking for ways to encrypt our data with keys managed inside the EU. We were delighted to be invited to Deutsche Telekom’s Key Management Service beta program to test the integration with several AWS services. The results of these tests were positive, and we are now moving to the implementation phase of the project.

Martin Hignett, CTO ITONICS GmbH

More AWS offerings for you

Free consultancy

Interested in EKM, but not sure how to get started? We can help you with a proof of concept. Discuss your requirements with our security experts in an initial requirement gathering call for free!

Do you visit t-systems.com outside of Denmark? Visit the local website for more information and offers for your country.