hero-ukc-v2

Unbound Key Control

Control, manage, and protect cryptographic keys from a single pane of glass

Gain visibility and control of your keys in a zero-trust
world. Manage keys across all sites and all workloads
on premise or in any hybrid cloud environments.

Show me how

Stretching the
Boundaries of
Traditional Key
Management

Unbound Key Control (UKC) is a unified key manager and virtual Hardware Security Module (vHSM) which provides full key lifecycle management. It supports all standard HSM cryptography APIs and enables seamless integration with numerous KM systems and key stores. This pure-software solution manages all keys from all your on-premises or cloud workloads and from any cloud service provider (CSP). Use Unbound Key Control to manage and sync all your keys across sites and workloads through one central management system.

With UKC and vHSM, your most sensitive keys never exist in the clear at any point in their lifecycle – not even when generated, while in use or at rest.

What can Unbound Key Control do for You?

Cryptographic-Keys-icon
Know Where Your
Cryptographic Keys
Are at all Times
A single pane of glass for visibility
of all of your keys, both on-premise and
in the cloud. Includes support for leading
key management systems (KMS) and
Cloud HSMs from major CSPs.
Keys-Across-Applications-icon
Centrally Manage Keys
Across Different
Applications & Use Cases
Easily manage all of your
organization’s keys, and interface with
any application (in-house or SaaS)
requiring cryptographic services.
Enterprise-Grade-HSM-icon
Protect Your Keys
With an Enterprise-
Grade Virtual HSM
No longer depend on
underlying hardware or physical
infrastructure. Get FIPS 140-2
HSM-level security with
software-only.

Key Features

How UKC Can Be Deployed in Your Organization

Architecture-Non-continuous-Secure-Boundary
UKC diagram

Unbound Key Control (UKC) is comprised of one or more pairs of standard servers that are installed and managed by the customer. Each of these pairs is comprised of an Entry Point node and a Partner node that each hold one share of a key. Together, these servers form the secure boundary of UKC. Application servers within the network connect to the entry point for consuming cryptographic services for the keys that are managed within UKC.

Based on the first technology to truly abstract key management, Unbound Key Control (UKC) can be deployed on any standard platform, including physical/virtual machines and containers. This gives you the flexibility to choose the location of the nodes of the UKC and to create a deployment that meets your unique requirements.

Use Cases

Technology, Financial, Banking
Enterprise Software, Financial
Technology, Financial, Banking
Demo mockup UKC

Try Unbound Demo Version

Schedule a demo

Unbound Key Control Technology Integrations

We’ve partnered with the leading technology companies to bring
even more control and visibility into your cryptographic arsenal.

apache
Apache
Unbound protects the private keys of the Apache SSL certificates.
aws
Amazon Web Services (AWS)
Unbound protects the cryptographic material within its secure boundaries, while supporting BYOK to AWS.
digicert
Axoni
Unbound provides key management support for Axoni.
azure
Microsoft Azure
Unbound has launched the first Cloud vHSM and Key Management solution on Azure Marketplace. Additionally, Unbound protects the cryptographic material within its secure boundaries, while supporting BYOK to Azure.
cryptomath
Cryptomathic
Unbound acts as a vHSM, protecting the cryptographic material used by the Crypto Service Gateway control center.
cyberarc
CyberArk
Unbound protects privileged accounts of CyberArk Privileged Access Security ensuring that the keys that protect user credentials are never kept whole.
digicert
DigiCert
Unbound automates the certificate generation process while safeguarding the private key of the certificate.
horizontal-logo-monochromatic-white
Docker
Unbound can be used to sign Docker containers.
enveil-bluelogo
Enveil
Unbound shields the cryptographic keys used by Enveil data-in-use, ensuring that nothing is ever revealed during the entire processing lifecycle.
gnupg
google-cloud
Google Cloud Platform
Unbound integrates with GCP's external key manager, allowing for full protection of GCP keys throughout the operation lifecycle.
hashi-corp-vertical-logo-black
HashiCorp
Unbound protects the HashiCorp Vault master key, allowing automatic unsealing and seal wrapping.
hyperledger
Hyperledger Fabric
Unbound's NextGen Key Orchestration Platform provides key management for enterprise blockchain providers using Hyperledger Fabric.
ibm
IBM
Unbound secures the encryption keys used for IBM DB2 TDE (transparent data encryption), protecting data "at rest". Additionally, Unbound logs can be parsed and viewed using the SIEM capabilities of QRadar.
300-px-java-programming-language-logo
Java
Unbound protects application keys and acts as the cryptographic provider for Java applications.
jetty-logo-80x22
Jetty
Unbound protects Jetty app server's TLS keys.
digicert
MacOS Signing
Unbound's Enterprise Code Signing application, built on UKC, can be used to sign MacOS and iOS code.
marklogic-logo-rgb-72-ppi
MarkLogic
Unbound secures the encryption keys used for MarkLogic DB, protecting data "at rest."
mc-afee
McAfee
Unbound safeguards the encryption keys used by McAfee Skyhigh CASB for uploading encrypted data to the cloud.
microsoft
Microsoft
Unbound is safeguarding the user Active Directory credentials used for 2FA.
microsoft-sql-server
Microsoft SQL Server
Unbound secures the encryption keys used for MS SQL TDE (transparent data encryption), protecting data "at rest."
mongo-db-gray-logo-full-color-rgb-01
MongoDB
Unbound secures the encryption keys used for MongoDB TDE (transparent data encryption), protecting data "at rest."
NetApp_logo_for_releases
NetApp
UKC protects NetApp encryption keys.
netskope
NGINX-logo-rgb-large
NginX App server
Unbound protects NginX app server TLS keys.
openssl
OpenSSL
Unbound OpenSSL engine enhances storage and retrieval of cryptographic keys, by protecting them as split key shares instead of as whole key material.
oracle
Oracle Database
Unbound secures the encryption keys used for Oracle TDE (transparent data encryption), protecting data "at rest."
ownera-logo
Ownera
UKC protects Ownera blockchain keys.
primeKey-164x53
PrimeKey
Unbound secures the PrimeKey EJBCA Root CA private keys, protecting the PKI environment.
python
Python
Unbound protects application keys and acts as the cryptographic provider for Python applications.
quorum
Quorum
UKC protects Quorum blockchain keys.
1200-px-salesforce-logo-svg-1
Salesforce
Unbound protects the cryptographic material within its secure boundary, while supporting BYOK and HYOK with Salesforce.
servicenow-2
ServiceNow
Unbound protects the cryptographic material within its secure boundary, enabling to perform edge encryption with ServiceNow.
splunk-black-white-bg
Splunk
UKC is integrated into Splunk for auditing operations.
symbiont
Symbiont
UKC provides key protection for Symbiont blockchain keys.
Thycotic Logo
Thycotic
UKC protects Thycotic master keys.
Light_background_logo
Venafi
Unbound UKC and Venafi's TPP integrate to protect machine-to-machine communications and machine identity using MPC-based technology.
vm-logo
VMware
Unbound defends the cryptographic keys used for VM encryption at the vCenter and vSAN.

Further Reading

Unbound Key Control User Guide

ukc
ukc-datasheet

Learn How to Protect
Assets with Unbound
Key Control

Learn More

Cryptographic Key Management Trends in 2020

In this survey, Unbound Tech and the Cyber Security Competency Group (CSCG) examine cryptographic key management practices across multiple sectors – and uncovers the truth about KM practices for enterprise in 202...

A Basic Introduction to Secure Multi-Party Computation (SMPC)

Confused over MPC and what it means for cryptographic key protection in the enterprise? Learn straight from the experts with our new guide. A Basic Introduction to Secure Multiparty Computation (SMPC) is authored by...

FIPS 140-2 Certification Levels: Security and Compliance Considerations

FIPS 140-2 certification provides vital assurance that cryptographic modules meet industry-accepted standards for protecting keys. Digital transformation has intensified the threat landscape across all networks and ...
Your Cryptographic Security Setup

Is Your Cryptographic Security Setup Holding You Back?

Imagine a scenario where data is kept on hard drives or disks you own, phones can only… well… make phone calls (or send simple text messages), and currency is only of the traditional fiat kind. Welcome to 19...
The Cost of Doing Nothing

Securing Identity: The Cost of Doing Nothing

The old adage of “why do robbers target banks? Because that’s where the money is,” has never rung truer as it does today when we consider the increase in security attacks designed to gain access to identity ...
Encryption and Regulation

Encryption & Regulation

How Do I Encrypt Thee? Let Me Count the Ways In our recent blog post on NY-DFS compliance requirements, we discussed the significant role of encryption as a means for financial institutions to implement security ...
video-math-over-matter-webinar-light-400

How to protect your valuable digital assets In a zero trust environment?

Protecting valuable digital assets in zero trust environment. The mechanism behind the model of trust that eliminates the single point of compromise.
video-vhsmwebinar-light-400

How our pure software solution works

For those of you wanting to see exactly everything you can do in the Unbound NextGen vHSM® Interactive Demo, we’ve prepared this video tutorial that gives you a behind the scenes look.
video-casp-webinar-light-400

Digital assets: Security with speed and efficiency

Organizations are protecting clients’ digital assets by enabling easy to operate and automate transactions solution.

Control, Manage & Protect all Your Cryptographic Keys from a Single Pane of Glass

Let Us Show You How
product-ukc-talktous-hero