There are three Skyhigh CASB Secure Key Agent deployment options:
- Cloud Deployment. Used when you would want to rotate the keys but don’t want to install the KMIP server on premises. In this scenario, the key agent is installed on-premises, then connects to the KMIP server in the cloud to store and manage keys. The KMIP server is still owned and managed by your organization, but is deployed in the cloud.
- Hybrid Deployment. If you want to own (store keys on-prem) and rotate keys, choose this option. The key agent, as well as the KMIP server, are installed on-prem, then connect to the Skyhigh CASB cloud proxy server for securing cloud data.
- On Premise Deployment. If you have a proxy installed on-prem and you want to own the encryption keys, the KMIP server as well as the key agent (bundled with on-premises proxy software) is installed on-prem and connects to the existing on-prem proxy for securing cloud data.