Zero Trust and KMS

edited May 2022 in Security Model

The XQ Key Cache supports multiple policy types, such as IP location, time and tokens. It can therefore be configured, in any network, to communicate only with approved IP addresses.


XQ differs from standard envelope encryption in that it uses a Zero Trust security model. For example, with AWS envelope encryption, users need to “trust” AWS to store their master key. With XQ, in contrast, users can have Zero Trust in AWS, because they have their own key distribution server, which they can operate in AWS, in Azure or even on a physical server.


While XQ seems similar to existing HSM- or KMS-based key management solutions, it is optimized for scale and simplicity while utilizing a true Zero Trust Architecture (ZTA). With XQ, edge-based key distribution “distributes” the computational load, while the ability to deploy an array of XQ Key Caches ensures scale and no single point of failure. When combined with a ZTA-based, identity-based authorization model, XQ is far more elegant for Smart Energy and Transportation systems.


The XQ Key Cache is a fully self-contained key distribution and logging solution, but it can be combined with HSM/KMS solutions in a hybrid deployment. XQ can be used to support frontend IoT sensors and data lakes, while KMS would be used only for long-term archiving of keys. KMS usage, and with it cost, would thus be reduced.
