Sepior Threshold KMaaS

High-Performance, Cloud-Based Threshold Cryptographic Key Management As A Service Supporting Multi-Cloud And BYOK


Sepior’s Threshold KMaaS is the industry’s first true cloud-native, key management system that provides threshold cryptographic Key Management-as-a-Service (KMaaS), without dependency on hardware appliances or a single cloud provider. This white label software-as-a-service offering is available to cloud service and managed security service providers to offer KMaaS to your subscribers.

Sepior’s Threshold KMaaS may be hosted in Sepior’s cloud, the service provider’s cloud or multiple independent clouds for maximum availability and trusted third party integrity. It may also be hosted in subscriber controlled clouds to provide Bring Your Own Key (BYOK) services for customers requiring full control over the encryption keys while benefiting from the unparalleled scalability, availability, flexibility, and SaaS-economics of a pure-cloud KMS.

To test drive your subscriber’s service experience, simply contact us to register for a free trial. 


White Label Threshold KMaaS Considerations

Add Threshold KMaaS as a value-added subscription service to augment and complement existing SaaS or MSSP offerings

Threshold KMaaS is deployable in a purely cloud-based fashion

  • Sepior Threshold KMaaS leverages its patent-pending technology to offer strong security while maintaining the cost and ease-of-use found in cloud services

Threshold KMaaS distributes KMaaS functions across a cluster of 3 or more key management servers, using multiparty computation to collectively operate as a highly scalable, distributed, Threshold Security Module (TSM)

  • Supports encryption/decryption in the cloud, or

  • Supports encryption/decryption services natively on end-user devices

Threshold KMaaS servers may be hosted at different CSP clouds

  • Provides the increased availability and resiliency of multiple clouds

  • An attacker must compromise at least t Threshold KMaaS servers in different clouds to compromise the system, which adds entirely new levels of security

Threshold KMaaS Features & Benefits


Enterprise-grade white label Key Management as a Service system for CSPs to add KMaaS to their SaaS or MSSP service portfolios

  • White label SaaS platform, reflecting the service provider’s brand

  • Delivering advanced KMaaS services, without the cost or complexity of procuring, installing, scaling, and maintaining conventional HSMs

Deployable as a CSP managed Threshold KMaaS, or as a subscriber-controlled Threshold BYOK key management service

  • Provide lifecycle services key management for KMaaS subscribers, with the value-added differentiation of threshold cryptography

  • Allow enterprise customers to deploy Threshold KMaaS Threshold Security Module servers in their own private cloud, and/or enterprise managed third party clouds to provide self-managed BYOK to CSP hosted SaaS services

BYOK support for multi-cloud applications

  • Subscribers can use a common BYOK service across multiple cloud providers for common and consistent security and user experiences

Full lifecycle key management services

  • Generate, regenerate, rotate, and retire keys as required

Audit logging

  • Providing full visibility to events and authorizations

Cross-domain IdM support

  • Flexible identity management integration

Cloud-native micro services architecture

  • Automatically scale key management services up / down based on service loads

  • Eliminates dependency on a hardware appliance or dedicated VM to support scale requirements

  • Provides the system resiliency of fully redundant HSM configurations, without the cost or complexity of multiple redundant appliances

Distributed trust model, using threshold cryptography with multiparty computation

  • Keys are generated and managed without ever producing a whole key on any key server, eliminating the potential for server key theft

  • Provides hardware security module (HSM) trust level, without the need to purchase, install, physically secure, and maintain HSM appliances

Implemented as VMs, with no dedicated or proprietary hardware required

  • Minimizing CapEx and OpEx


Threshold KMS

Transact With Trust!