The answer is robust data encryption, but that alone is not enough. You need assurance that the encryption keys are not accessible to third parties and remain under the control of your organisation. While this may seem rather simple, key management is complex and highly technical. That is why LuxTrust, in partnership with Thales and DEEP by POST Group, has developed a packaged solution that gives organisations the assurance their data is encrypted and only they have access to it.

A compelling presentation by LuxTrust, Thales, and DEEP

The KMaaS solution was presented by the three partner companies during "The importance of safeguarding your data," an event organised by LuxTrust, DEEP by POST Group, and Thales and hosted by POST Luxembourg at its new headquarters on 14 November 2024.

The partnership is based on the expertise of each company. While Thales provides the technological solution for data encryption and key management, DEEP by POST Group is responsible for the managed services that allow each environment to be managed according to the rules defined by the customer. LuxTrust – a qualified trust services provider and local pioneer in the field – hosts and operates the solution using HSMs for key storage and security.

Presenting the KMaaS solution were Fabrice Aresu (CEO of LuxTrust), Steven Maas (Sales Director Data Security Benelux at Thales), Samuel Emangard (BL Cybersecurity - Security Architect at DEEP), and Sébastien Girard (BL Cybersecurity - Service Line Manager SPS at DEEP).

The benefits of the managed solution

Fabrice Aresu said: “Our unified solution enables businesses to effectively manage their data, whether in the cloud or on-premises, all while ensuring regulatory compliance. During our own journey toward data sovereignty, clients kept telling us that they wanted to leverage cloud services as we were doing, but they did not have the staff or the means. That is why we decided to team up with Thales and DEEP, to address those challenges, and develop a managed solution that is future-proofed, which is vital as the whole chain can become obsolete very quickly.”

Steven Maas, sales director at Thales, which is one of the largest European cybersecurity companies and annually invests $1 billion in R&D, explained: “Moving from a single data source to an environment in which data is stored in the cloud brings all sorts of data challenges, and it is important that we take back control of our own destinies. The most important thing is that you, as a customer, retain control of your data no matter where it resides. That is what we offer.”

The pressing need for future proofing

Maas emphasises the seismic shifts that are occurring in data management in terms of capabilities, protections, and threats. While ever more sensitive data is being moved to the cloud, regulations such as DORA aim to ensure that organisations adhere to a certain level of security, especially when data is in the hands of third-party providers. He explains that most companies do comply with ISO 27000, the global standard for information security management systems.

While AI does help to improve data management, Maas says, it is also being used by malicious actors. Maas warned: "With quantum computing coming in 2029, current algorithms will be obsolete or breachable. You need to change your current and future systems to be agile enough to deal with it."

Control rests with the client

Samuel Emangard and Sébastien Girard, from DEEP by POST Group, explained: “KMaaS creates, stores, and backs up keys locally, then transfers them to different cloud providers. When considering Bring Your Own Key from a security perspective, it provides significant benefits by enhancing control, ensuring compliance and building trust in data management. These encryption keys are sourced from your own KMaaS instance, hosted here in Luxembourg, managed by a Luxembourgish provider and under your control.”

With the LuxTrust, Thales, and DEEP managed solution, as a customer, you are able to manage the root keys. If you want to disable them, you simply connect to the KMaaS, select the key, and disable it. Also notable is that the data and keys from each customer are split and kept separately in what are called domains, and each domain is dedicated to a single customer, which ensures the utmost security.
