StratoKey - Encryption Specifications

StratoKey utilizes standards compliant encryption to protect data. StratoKey supports "best in class" encryption algorithms such as FIPS 140-2 validated AES and Format Preserving Encryption algorithms. The supported Format Preserving Encryption implementation is specified in the NIST standard (800-38G). Each supported encryption algorithm provides varying levels of security to suit the intended purpose. There are always trade-offs in security, and StratoKey provides absolute flexibility when configuring individual levels of security. Multiple encryption schemes can be utilized in a single SaaS or cloud application allowing administrators to configure the most appropriate level of security without limiting application functionality.

StratoKey Configurable Encryption Filters

StratoKey utilizes configurable "filters" which provide a mechanism for matching encryption algorithms to the required data security. Through this flexible filtering, specific fields and data can be encrypted in a customized manner. Data fields requiring a specific format such as Social Security Numbers may well be encrypted utilizing a format preserving mode, whereas attached documents stored with an account may be encrypted with AES using a 256bit key. StratoKey provides administrators with absolute flexibility in configuring the most appropriate encryption mechanism for the data at hand. This flexibility provides support for multiple encryption strategies on a single page.

Hardware Security Modules

StratoKey integrates with leading Hardware Security Modules (HSM) from Thales (offical partner) and Safenet. StratoKey also supports popular cloud HSM's such as Amazon Web Services CloudHSM and AWS Key Management Service (KMS).

Encryption Key Rotations

StratoKey has in-built support for standard key rotations. StratoKey also supports locking encryption keys to individual applications and even individual groups of users. These encryption key management features are native features within the StratoKey product. StratoKey also supports third party key management services via KMIP.