Cloud Security Analytics
CASB
Cloud Access Security Broker
Cloud Encryption

StratoKey - Encryption Specifications

StratoKey utilizes standards compliant encryption to protect data. StratoKey supports "best in class" encryption algorithms such as FIPS 140-2 validated AES (via NSS), Twofish and Format Preserving Encryption algorithms. The supported Format Preserving Encryption implementation is FF3 which is specified in the NIST standard (800-38G). Each supported encryption algorithm provides varying levels of security to suit the intended purpose. There are always trade-offs in security, and StratoKey provides absolute flexibility when configuring individual levels of security. Multiple encryption schemes can be utilized in a single SaaS or cloud application allowing administrators to configure the most appropriate level of security without limiting application functionality.


StratoKey Configurable Encryption Filters

StratoKey utilizes configurable "filters" which provide a mechanism for matching encryption algorithms to the required data security. Through this flexible filtering, specific fields and data can be encrypted in a customized manner. Data fields requiring a specific format such as Social Security Numbers may well be encrypted utilizing a format preserving mode, whereas attached documents stored with an account may be encrypted with AES using a 256bit key. StratoKey provides administrators with absolute flexibility in configuring the most appropriate encryption mechanism for the data at hand. This flexibility provides support for multiple encryption strategies on a single page.

Hardware Security Modules

StratoKey integrates with leading Hardware Security Modules (HSM) from Thales and Safenet. StratoKey also supports popular cloud HSM's such as Amazon Web Services CloudHSM and AWS Key Management Service (KMS).