Product Advantages
Safe | Secure and Compliant
The system undergoes strict security design and audit, and the bottom layer enables the key to obtain high-security dedicated hardware protection through the Hardware Security Module (HSM), which meets the regulatory compliance requirements.
Easy to Use | Elastic and Efficient
Supports automated activation and on-demand expansion with elasticity and flexibility. Provides fully managed cryptographic infrastructure, allowing for easy creation of keys and other resources.
Integrated | Cloud Product Encryption
Integrates seamlessly with eSurfing Cloud products such as Elastic Volume Service (EVS) and Zettabyte Object Storage (ZOS), providing service-side transparent encryption to enhance the default security capability on the cloud.
Trustworthy | Stable and Available
Distributed deployment and redundant cryptographic computing capacity built into each resource pool effectively ensure service reliability and stability.
Scenarios
- Protection for Sensitive Data
- Client-side File Data Encryption
- By leveraging the online encryption capabilities of KMS, sensitive data is encrypted at the application layer before being stored in the database, which increases the difficulty of attacks and reduces the risk of bulk plaintext data leaks.
- Internet applications store sensitive user data such as mobile phone numbers, ID card numbers, and bank card numbers, which are at risk of plaintext extraction through attacks.
- Centralized, Encrypted Storage of Sensitive Data
- Before being persistently stored in the database, sensitive data has already been encrypted by KMS, and the data encryption keys are protected by the hardware security mechanisms of the cipher machine, making it impossible for anyone to steal them, thus ensuring high data security.
- On-demand Data Decryption for Business Systems
- When business system needs to process or display sensitive data, it calls KMS after user authentication to decrypt the data on demand. Only a small portion of the data required by the business is decrypted into plaintext in memory during this process, minimizing the risk of data exposure and leakage
- What is Key Management? Functional Features of the Key Management Product Key Management Product Specifications more
Product Introduction
- How to Create a Key? How to Create an Application Access Point? How to Integrate the SDK? more Operation Guidance
- Using the KMS User Master Key for Online Data Encryption and Decryption Using Envelope Encryption to Implement Local Large-Scale Data Encryption and Decryption Implementing Server-Side Encryption for Cloud Services through KMS more Best Practices
More Resource
Web Application Firewall
Cloud Bastion Host (CBH)