New Entrust Solutions Meet Zero Trust Challenges with Enhanced Security Governance over Applications, Encryption Keys and Secrets

  • Security
  • 19.09.2023 10:15 am

Entrust, a global leader in identity and data security, today announced new capabilities to help organizations enhance their data protection and security posture and advance their Zero Trust maturity journey. The new features extend protections, visibility, and governance over virtual infrastructures, code and application development, and cryptographic key management.

“IT and security leaders are being challenged on several fronts – secure the enterprise now, plan for unknown threats, and ensure compliance, while enabling the organization to advance on its goals. Entrust offers a range of solutions that address key cybersecurity and identity challenges across the key pillars to Zero Trust – identities, networks, applications, and data. Our latest innovations help IT and security gain greater visibility and governance over how they manage encryption keys, secrets, and applications across multi-cloud and virtualized environments,” said Bhagwat Swaroop, President, Digital Security Solutions at Entrust.  

New and enhanced capabilities include: 

  1. Entrust KeyControl Compliance Manager: Unified dashboard provides visibility and management over encryption keys and secrets across on-premise and multi-cloud operations.

  2. nShield CodeSafe: New capabilities to secure the application development environment within a FIPS 140-2 Level 3 certified nShield hardware security module (HSM).

  3. CloudControl: Extends verifiable trust policy for virtual infrastructures as well as multi-cloud operations. 

KeyControl Compliance Manager: Gain visibility and management control over encryption keys and secrets across clouds and on-premise

Zero Trust is all about protecting data and ensuring the right people have access at the right time. As organizations manage an increasing number and diversity of keys and secrets, a consistent global strategy for managing keys across IT assets should include full visibility of all keys and secrets, as well as all related information such as the key owner, the key usage, the key history, how the key was generated, and for what purpose.

With the new Compliance Manager for KeyControl solution, organizations can easily establish and maintain a key inventory and achieve full visibility on all related information for all keys, across on-premises and cloud environments, including key history and usage.

In creating a single unified dashboard, the solution allows you to view and monitor your organization’s cryptographic assets located in one or many vaults – whether configured locally or geographically distributed.

Entrust nShield CodeSafe 5: New capabilities to ensure secure application development

CodeSafe is a set of tools that enable developers to write and execute sensitive applications inside the tamper-resistant boundary of FIPS-certified nShield HSMs. CodeSafe 5 brings new capabilities that make protecting application code even easier by delivering a standard container development environment that enables easy integration of the supporting tool chains and engineering processes common to traditional deployment environments.

It also provides additional protection designed to support the latest FIPS 140-3 Level 3 HSM standard, while the Entrust nShield Post-Quantum SDK enables post-quantum cryptographic applications for nShield HSMs leveraging CodeSafe. It supports NIST’s PQC algorithms identified for standardization, including the CRYSTALS-Dilithium, FALCON, and SPHINCS+ digital signature algorithms.

Altogether, this means CodeSafe can protect applications to the same level of security as cryptographic keys and secrets, providing strength in depth.

Entrust CloudControl

The Entrust Zero Trust framework for virtual infrastructure uses Entrust CloudControl to extend security to the virtual infrastructure deployed across distributed private cloud environments. The model operates under the premise that no entity (human or machine) can be trusted by default, and that every request to access virtual resources across data centers and private clouds must be authenticated and authorized before access can be granted.

CloudControl enables organizations to adopt a proxy-based approach to establish a control barrier between users and devices and virtual resources. The approach extends the Zero Trust model and enhances the overall security of the organization. By facilitating the integration of a virtual infrastructure with an enterprise ID provider, CloudControl ensures that every access to virtualized resources undergoes thorough identification, authentication, and authorization.

Entrust CloudControl extends security to an organization’s virtual infrastructure, ensuring that only authenticated and authorized administrators have access to the resources they are allowed to control. Providing a mechanism that brings verifiable trust to the deployment environment, new updates to CloudControl ensure workloads are secured and are only run under multi-layered security and authorization controls, including secondary approvals, RBAC, and MFA. CloudControl also facilitates compliance with data sovereignty requirements by disabling virtual machines if they are moved out of defined areas.
