Encryption Keys
Skyhigh CASB encryption requires a Key Management System that supports the KMIP v1.1 protocol to be installed in your environment. This is to make sure that the sensitive encryption keys are in your control and can be rotated in compliance with relevant policies/regulations. If the Key Management System needs to be installed in the cloud, Skyhigh CASB can help with procuring and installing the Safenet Keysecure Appliance. Contact Skyhigh Security Support for more information.
NOTE: The Skyhigh CASB for Salesforce Encryption engine receives keys from the Key Management System through the Skyhigh CASB Secure Key Agent Service. The Skyhigh CASB Secure Key Agent uses Certificate Authentication to establish a mutually authenticated session with the Key Management System and pushes keys in a secured manner to Skyhigh CASB for encryption.