<img src="https://ad.doubleclick.net/ddm/activity/src=11631230;type=pagevw0;cat=pw_allpg;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=${GDPR};gdpr_consent=${GDPR_CONSENT_755};ord=1;num=1?" width="1" height="1" alt=""> Encryption Key Management Software | Virtru
Encryption Key Management

Enterprise Key Management for Data Control at Scale

Virtru offers several key management solutions and approaches to ensure you maintain control, confidentiality, and compliance wherever your data goes – including the ability to host your own keys to meet data sovereignty and residency needs.

Zero Trust Key Management, Tailored for Enterprise Privacy and Compliance

Virtru enables you to achieve complete data control, at scale, while still using the cloud-native productivity apps you love. Virtru handles the heavy lifting of policy enforcement and key exchange, so your team can focus on getting their jobs done.

Shield Your Data From Your Cloud Provider

Organizations want control of their data, including the encryption keys guarding that data. However, most cloud-managed, bring your own key (BYOK) approaches cannot deliver on Zero Trust, as they require you to trust a third-party vendor with access to your keys and plain text content.

Virtru is different. We ensure you maintain exclusive access to secure your data by removing third-party trust concerns. We use a distributed architecture and unique symmetric keys for every email and file, offering heightened security at scale and shielding your data from cloud providers like Microsoft and Google.

Reflection of a business man on a glass wall.

Host Your Own Private Keys for Compliance and Data Sovereignty

The Virtru Private Keystore adds an additional layer of protection that lets you directly host your encryption keys. We also integrate with hardware security modules (HSMs) for the highest levels of confidentiality and control. And we are a key management partner for Google Workspace Client-side encryption. Virtru positions your organization to meet or exceed the most stringent compliance requirements, including CMMC, DFARS, CJIS, ITAR, and EAR.

Flexible, Layered Encryption Key Options

Host Keys with Virtru

You can be up and running in minutes with our fully hosted key management option. Virtru Access Control Manager (ACM) provides a front-end layer that authenticates requests for keys and ensures sensitive content is only accessed by authorized parties.

A unique AES 256-bit symmetric data key is created on the client to protect each email and file, then delivered via a secure TLS-protected channel to Virtru ACM. 

Host Your Own Keys

Choose this option to have ultimate control over who can access your data to meet requirements for CJIS, ITAR, data sovereignty, and more. Prevent third parties from accessing your data with the Virtru Private Keystore, which allows you to host your own encryption keys. The Virtru Private Keystore uses asymmetric encryption on top of Virtru’s native end-to-end encryption while aligning with your existing infrastructure for enterprise scale implementations.

When you encrypt an email, a message key is generated, which is then encrypted with a public key. The Virtru Access Control Manager (ACM) manages and authenticates key exchanges but cannot access your data at any time. Virtru then hosts a private key that is needed to decrypt the public key and unwrap the message key. This private key never leaves your environment which meets the data protection and compliance you want. You can host your private key on your premises, in your private cloud, or on any public cloud service.

Host Keys with your Hardware Security Module

Use your existing Hardware Security Module (HSM) infrastructure and key management processes. In this deployment option, your private encryption keys are stored in your HSM and the Virtru Private Keystore only brokers encryption and decryption requests with the Virtru platform.

This method leverages PKCS (Public Key Cryptographic Standard) #11 and KMIP protocols, allowing integration with a variety of HSM manufacturers.

Manage Keys for Google Client-Side Encryption for Workspace and Gmail

Virtru is an authorized Google Workspace Client-side encryption (CSE) partner to prevent unauthorized or third-party (including Google) access to your data. Our encryption key management supports heightened privacy in Docs, Sheets, Slides, and the Google Drive File Stream desktop app, as well as encrypted calls (media stream) and video messages in Google Meet.

Virtru is the only Google CSE key manager that allows you to enforce access control using labels in Google Drive. 

Once your browser client encrypts the content with Google Client-side encryption, those keys are then wrapped with an additional key that’s provided by Virtru. These Key Encryption Keys (KEKs) and their associated access control policies are managed by Virtru to determine who can and cannot access your data. This keeps your cloud data private, even from Google, since they won’t have the keys to decrypt your data. Virtru cannot access your protected data at any time.

Flexible, Layered Encryption Key Options

You can be up and running in minutes with our fully hosted key management option. Virtru Access Control Manager (ACM) provides a front-end layer that authenticates requests for keys and ensures sensitive content is only accessed by authorized parties.

A unique AES 256-bit symmetric data key is created on the client to protect each email and file, then delivered via a secure TLS-protected channel to Virtru ACM. 

Choose this option to have ultimate control over who can access your data to meet requirements for CJIS, ITAR, data sovereignty, and more. Prevent third parties from accessing your data with the Virtru Private Keystore, which allows you to host your own encryption keys. The Virtru Private Keystore uses asymmetric encryption on top of Virtru’s native end-to-end encryption while aligning with your existing infrastructure for enterprise scale implementations.

When you encrypt an email, a message key is generated, which is then encrypted with a public key. The Virtru Access Control Manager (ACM) manages and authenticates key exchanges but cannot access your data at any time. Virtru then hosts a private key that is needed to decrypt the public key and unwrap the message key. This private key never leaves your environment which meets the data protection and compliance you want. You can host your private key on your premises, in your private cloud, or on any public cloud service.

Use your existing Hardware Security Module (HSM) infrastructure and key management processes. In this deployment option, your private encryption keys are stored in your HSM and the Virtru Private Keystore only brokers encryption and decryption requests with the Virtru platform.

This method leverages PKCS (Public Key Cryptographic Standard) #11 and KMIP protocols, allowing integration with a variety of HSM manufacturers.

Virtru is an authorized Google Workspace Client-side encryption (CSE) partner to prevent unauthorized or third-party (including Google) access to your data. Our encryption key management supports heightened privacy in Docs, Sheets, Slides, and the Google Drive File Stream desktop app, as well as encrypted calls (media stream) and video messages in Google Meet.

Virtru is the only Google CSE key manager that allows you to enforce access control using labels in Google Drive. 

Once your browser client encrypts the content with Google Client-side encryption, those keys are then wrapped with an additional key that’s provided by Virtru. These Key Encryption Keys (KEKs) and their associated access control policies are managed by Virtru to determine who can and cannot access your data. This keeps your cloud data private, even from Google, since they won’t have the keys to decrypt your data. Virtru cannot access your protected data at any time.

Trusted Key Management for Maximum Privacy

Data Sovereignty

Virtru cannot access your protected data at any time, whether you choose to host your own keys or use our hosted key management option.

Complete Control

Distributed architecture with dual layers of protection gives you total control over who can access the keys securing your most sensitive data.

Adaptability and Scale

We leverage Docker containers and your existing key management infrastructure to support enterprise-scale deployments with low maintenance.

A woman addresses a meeting room of business people.
Maki Logo

"The Virtru Private Keystore is super seamless. Everything is running smoothly. From a customer standpoint, it really makes a difference: They now feel that they're much more in control and that Google will not be able to access their data.”

Benjamin Chino
Co-Founder and CPO

Schedule a Demo with Virtru Today