New Zero Trust solutions from Entrust

Entrust, a global leader in identity and data security, has announced new foundational identity, encryption, and key management solutions.


“Zero Trust approaches are reshaping security in a perimeter-less world. While the conversation often starts with identity and network access, organisations are quickly finding that identity and access management is only the beginning. A comprehensive Zero Trust framework starts with enabling trusted identities across users, devices, machines, apps, and workloads, and extends to a data protection strategy to secure data in-transit, at rest, and in-use across both public and private cloud environments,” said Bhagwat Swaroop, President of Digital Security Solutions at Entrust.


“Getting to a Zero Trust framework is a multi-year project, one that requires trusted partners to help you build your framework on a solid foundation. Entrust is uniquely positioned to help organisations establish Zero Trust foundations: including both high-assurance identity and access management and applied encryption to help secure data today and for the post-quantum future. Moreover, our capabilities extend to comprehensive security posture management governing identities, entitlements, keys, certificates and secrets across multi-cloud, hybrid, and on-premises operations,” Swaroop said.


To support this evolution, Entrust is introducing pivotal advancements in identity, encryption, and multi-cloud security to support Zero Trust frameworks. These include:


  1. Identity: Adding new passwordless, certificate-based authentication with smart keys and FIDO2 passkeys to the full-suite Entrust Identity IAM solution; as well as cloud-based Entrust PKI as a Service (PKIaaS) turnkey integration with Microsoft Intune and other mobile device management (MDM) providers to accelerate device enrolment at scale.
  2. Encryption: Launching nShield 5, a high-performance, next-generation HSM with multitenant capable architecture and support for post-quantum readiness.
  3. Multi-Cloud: Releasing new Entrust KeyControl 10 solution, using an innovative approach that delivers consistent multi-cloud key and secrets policy compliance management, for data protection across SaaS applications, customer databases, and workloads, both cloud-based and on-premises.



Identity: Cloud-based IAM solution passwordless options with FIDO-2 compliance, passkeys, and enhanced risk-based authentication

As enterprises continue to advance their Zero Trust projects, an identity-first approach to security is foundational. Entrust has been enhancing its Identity as Service (IDaaS) solution, a full-suite IAM platform. Enhancements include:


  1. New high-assurance passwordless capabilities that include certificate-based authentication, FIDO2 keys, FIDO2 passkeys and others.
  2. Elevated security with enhanced risk-based adaptive multifactor authentication that seamlessly integrates additional risk factors from external providers and performs continuous validation throughout user sessions, as well as enforces appropriate step-up authentications.
  3. Support of outbound System for Cross-domain Identity Management (SCIM) for app provisioning in third-party cloud applications (service providers).
  4. Entrust also has enhanced Customer IAM (CIAM) capabilities, enabling seamless and connected experiences for customers or citizens with passwordless authentication, digital signing, ID verification & proofing for a more secure digital experience.

Recognising that secure device enrolment at scale is critical to Zero Trust frameworks, Entrust also has added zero-touch, turnkey integration between its cloud native Entrust PKI as a Service (PKIaaS) and Microsoft Intune and other MDMs, allowing customers to leverage Entrust PKI seamlessly with their IT management platform in minutes – without the need for on-premise hardware or software.


Organisations can enrol devices of any kind securely with extended key and certificate parameters to support advanced identification, authentication, and authorisation schemes that enable Zero Trust frameworks.


Encryption: Next-generation HSM performance and crypto-agility

Encryption is at the heart of Zero Trust frameworks, providing critical protection for sensitive data. As demands on encryption continue to expand, Entrust is launching the next generation of its Entrust nShield® Hardware Security Modules. The new nShield 5 HSMs deliver superior performance for the root of trust enterprises need across today’s business-critical enterprise applications and provide a platform for the future cryptographic data protection needs of a post-quantum world. Entrust nShield 5 HSMs use an innovative multitenant capable architecture scheduled for certification to the FIPS 140-3 standard.


“As enterprises increasingly migrate business processes to the cloud, managing privileged access credentials and secrets continues to be a top priority. Ensuring that critical applications and their underpinning cryptographic keys and secrets can be protected and managed throughout their lifecycle is vital. The launch of the new Entrust nShield 5 HSM gives our joint customers the robust hardware root of trust they need to protect their organizations’ most critical assets,” said David McNeely, CTO for Delinea, an Entrust partner.


“F5’s deep experience in application delivery and security services helps customers protect their critical applications, ensuring they are safe, secure, and always available. The launch of Entrust FIPS nShield 5 HSM provides F5 customers with not only enhanced performance but also cryptographic agility for a rapidly changing threat landscape,” said Arul Elumalai, SVP and General Manager of BIG-IP at F5, an Entrust partner.


Multi-cloud security: Redefining key management with decentralized vault and cloud-based compliance management

Protecting encryption keys is critical to the Zero Trust foundation. The newest release of the Entrust KeyControl solution enables information security teams to centrally manage encryption keys and secrets across decentralised, multi-cloud applications. With this release, the KeyControl solution uses a unique, innovative decentralised vault-based architecture, combined with centralised compliance and risk management to deliver enhanced keys and secrets management. This approach lets an enterprise replace manual or ad hoc practices with consistent policy governance for data protection across customer databases, whether cloud-based, hybrid, or on-premises.


“In the face of persistent threats of cyberattacks, organisations demand cyber resilience for their data,” said Joseph Razavian, Head of Security Alliances, Cohesity, an Entrust partner. “By running Entrust KeyControl 10 in conjunction with the Cohesity Data Cloud, enterprises not only gain automated and simplified encryption key management but can also better secure, manage and unlock value from their data no matter where their data is for comprehensive cyber threat protection.”