In conversations with customers, we find a strong demand to be able to run sensitive application logic and custom cryptographic schemes inside an HSM-grade trust boundary. To address this demand, Fortanix developed a Runtime Encryption Plugin capability for Fortanix Self-Defending Key Management Service™ (SDKMS) and Equinix SmartKey™, powered by Fortanix.
For historical reasons and technological barriers traditional HSM and key management did not, and still cannot, be delivered as a managed service. But what if they could be delivered as a secure, easy and simple to consume managed service?
While encryption remains an effective data protection control, it is increasingly difficult to use to protect databases given rapid data growth, clustering of databases and distribution of databases across geographies, across clouds.
At Fortanix we are building a new class of solutions called Runtime Encryption, leveraging Intel® SGX, to protect applications and data in use. We often receive inquiries about the impact of side channel attacks on Intel® SGX and Fortanix solutions.
When it comes to the adoption of hybrid or multi-cloud IT, we find in our customer conversations that it's not a question of whether to adopt but rather at what stage of maturity to adopt. To ensure that transition is secure, most customers are rethinking data protection, encryption, and key management controls.
One of the challenges to implementing data at rest encryption is the need for robust key management. Solutions dealing with sensitive or high-value data require the use of a hardware security module (HSM).