External Key Management on AWS

External Key Management (EKM) empowers global customers who need to comply with strict security and data privacy laws that prevail in regulated industries by putting key access under their control, giving them more cloud vendor independence. These include e.g., the Schrems II ruling by the Court of Justice of the European Union (CJEU) and the stringent GDPR regulations regarding personal data. EKM is vital for data-sensitive workloads globally where data encryption is indispensable. With EKM from T-Systems, a certified AWS Premier Tier Services & Security Services Partner, customers have full control over key creation, modification, and deletion. Keys reside in the EU and are managed by a leading security provider in Germany.

1. Key infrastructure hosted in Deutsche Telekom data centers in Germany and other EU locations facilitated by T-Systems, a leading security provider in Germany.
2. Key are managed outside the cloud giving customers vendor-independent control.
3. Keys are stored in FIPS 140-2 Level 3 validated Hardware Security Module (HSM).
4. Customers can now encrypt data and applications handling sensitive data in a safe and secure way and help address compliance with global government and industry regulations.
5. Seamless integration to a majority of AWS Services together with AWS Key Management Services.
6. Logging and monitoring of key operations supporting auditing processes.
7. Highly available and scalable infrastructure realized with keys hosted in highly available Infrastructure in Telekom data centers.
8. AWS Services are connected to the data centers using highly available Direct Connect (T-Systems is a Direct Connect Partner for AWS) connections.