Announcing Fortanix DSM support for the AWS External Key Store (XKS)

Shashi Kiran Fortanix
Shashi Kiran
Published:Nov 30, 2022
Reading Time:4 Minutes
DSM support for AWS External Key Store

Together with Amazon Web Services (AWS), we are pleased to announce support for the AWS KMS External Key Store (XKS) with the Fortanix Data Security Manager (DSM) platform. While we have always supported Bring Your Own Key (BYOK) functionality for AWS customers, the new capability being announced today significantly expands the offering providing greater flexibility and control to enterprises the world over.

This also continues to build on Fortanix’s strategy to expand choices for enterprise customers that use cloud platforms like AWS. Some may prefer an external key management solution to increase their control, while decreasing the complexity of compliance and operations across hybrid and multi-cloud infrastructures.

While the GDPR and Schrems II mandates accelerated the need for external key management solutions Europe, it is clear that these needs are expanding to become global requirements. Other countries and even states are jumping into the fray with clear specifications for safeguarding Personally Identifiable Information (PII).

For example, Schrems-II doesn’t allow keys that provide access to the encrypted data, to be hosted outside of the European Economic Area (EEA). Privacy and compliance are calling the shots on the data protection lifecycle.

According to IDC FutureScape’s Top 10 predictions for the Future of Trust, published in November 2022, by the end of 2024, 65% of major enterprises will mandate data sovereignty controls from their cloud service providers to adhere to data protection and privacy regulatory requirements (Prediction #4). This is a compelling mandate.

It should therefore be welcome news for AWS customers to see them support additional partners that complement their cloud-native key management. The Fortanix DSM platform is built to handle such integrations easily and provides an easy workflow to support the AWS Key Management Service (KMS) with External Key Store (XKS).

aws external key store

Who should consider the Fortanix and AWS External Key Store (XKS) solution?

  • AWS customers that wish to maintain data sovereignty controls to adhere to data protection and privacy regulatory requirements like GDPR, Schrems-II and others.
  • Enterprises that want consistent data access control policies across AWS cloud and their on-premises deployments through a unified approach to key management.
  • Enterprises that embrace multi-cloud solutions and want a single pane of glass approach to key lifecycle management while migrating workloads between AWS and other public clouds.

In a nutshell, this solution is applicable to enterprises of all sizes, across verticals and different global regions.

  • Fortanix DSM is purpose-built to be a data-first, multi-cloud security platform that offers a seamless solution for key lifecycle management.
  • It is available as a SaaS solution with modern REST APIs (along with the flexibility to deploy it on-premises), powered by FIPS 140-2 Level 3 HSMs, all of which offer a frictionless experience.
  • It is a proven platform that scales to billions of transactions and addresses the need for privacy and compliance for various verticals including banking and financial services, infotech, healthcare, retail, transportation, manufacturing, and government, to name a few.
  • Fortanix already supports similar functionality for Google, with public customers like the University of Groningen and PayPal. Delivering a similar functionality to AWS customers allows us to deliver flexibility to even more enterprise customers.

Now available for free with Fortanix DSM Explorer!

To get started, dive right in to experience the AWS External Key Store integration with Fortanix DSM Explorer. The limits are 1 app, up to a thousand transactions with 10 keys. This is available by clicking the “Try Us” button on the Fortanix website and selecting the DSM Explorer option. The DSM Explorer offering is free of cost, with no subscription fees or credit card required.

Where can you learn more about Fortanix’s support for AWS KMS External Key Store?

Fortanix created several assets to make you familiar with this capability. These include:

AWS links:

AWS Re: Invent 2023

At Re: Invent, you may attend the following sessions to learn more:

SEC212: AWS data protection: Using locks, keys, signatures, and certificates
AWS offers a broad array of cryptographic tools and PKI platforms to help you navigate your data protection and digital signing needs. Discover how to get this by default and how to build your own locks, keys, signatures, and certificates when needed for your next cloud application. Learn best practices for data protection, data residency, digital sovereignty, and scalable certificate management, and get a peek into future considerations around crypto agility and encryption by default.

SEC214-L: What we can learn from customers: Accelerating innovation at AWS Security
CJ Moses, CISO at AWS, showcases part of the peculiar AWS culture of innovation—the working backwards process—and how new security products, services, and features are built with the customer in mind. AWS Security continuously innovates based directly on customer feedback so that organizations can accelerate their pace of innovation while integrating powerful security architecture into the heart of their business and operations.

Join us for the webinar on AWS XKS and Fortanix:

In addition, we’d like to invite you to a webinar:

AWS + Fortanix: New Innovations to accelerate cloud adoption through data security, privacy, and compliance

We are thankful for the collaboration with the entire AWS team that worked on this joint project and look forward to our joint customers benefiting from this solution.

Experience a Free 30-day Trial:

If you’d like to take a step forward, try out the full power of Fortanix DSM with a free 30-day trial, or engage directly with the free DSM Explorer for smaller use-cases.

Share this post: