Together with Amazon Web Services (AWS), we announced support for the AWS KMS External Key Store (XKS) with the Fortanix Data Security Manager (DSM) platform. Fortanix had already supported Bring Your Own Key (BYOK) functionality for AWS customers, but this new capability expanded the offering significantly, providing greater flexibility and control to enterprises worldwide.
This also continues to build on Fortanix’s strategy to expand choices for enterprise customers that use cloud platforms like AWS. Some may prefer an external key management solution to increase their control, while decreasing the complexity of compliance and operations across hybrid and multi-cloud infrastructures.
While the GDPR and Schrems II mandates accelerated the need for external key management solutions in Europe, it is clear that these needs are expanding to become global requirements. Other countries and even states are jumping into the fray with clear specifications for safeguarding Personally Identifiable Information (PII).
For example, Schrems-II doesn’t allow keys that provide access to the encrypted data to be hosted outside of the European Economic Area (EEA). Privacy and compliance are calling the shots on the data protection lifecycle.
It should therefore be welcome news for AWS customers to see AWS support additional partners that complement its cloud-native key management. The Fortanix DSM platform is built to handle such integrations easily and provides an easy workflow to support the AWS Key Management Service (KMS) with External Key Store (XKS).
Who should consider the Fortanix and AWS External Key Store (XKS) solution?
- AWS customers that wish to maintain data sovereignty controls to adhere to data protection and privacy regulatory requirements like GDPR, Schrems-II and others.
- Enterprises that want consistent data access control policies across AWS cloud and their on-premises deployments through a unified approach to key management.
- Enterprises that embrace multi-cloud solutions and want a single pane of glass approach to key lifecycle management while migrating workloads between AWS and other public clouds.
In a nutshell, this solution is applicable to enterprises of all sizes, across verticals and different global regions.
- Fortanix DSM is purpose-built to be a data-first, multi-cloud security platform that offers a seamless solution for key lifecycle management.
- It is available as a SaaS solution with modern REST APIs (along with the flexibility to deploy it on-premises), powered by FIPS 140-2 Level 3 HSMs, all of which offer a frictionless experience.
- It is a proven platform that scales to billions of transactions and addresses the need for privacy and compliance for various verticals including banking and financial services, infotech, healthcare, retail, transportation, manufacturing, and government, to name a few.
- Fortanix already supports similar functionality for Google, with public customers like the University of Groningen and PayPal. Delivering similar functionality to AWS customers allows us to offer flexibility to even more enterprise customers.
Now available for free with Fortanix DSM Explorer!
To get started, dive right in to experience the AWS External Key Store integration with Fortanix DSM Explorer. The limits are 1 app, up to a thousand transactions with 10 keys. This is available by clicking the “Try Us” button on the Fortanix website and selecting the DSM Explorer option. The DSM Explorer offering is free of cost, with no subscription fees or credit card required.
Where can you learn more about Fortanix’s support for AWS KMS External Key Store?
Fortanix created several assets to familiarize you with this capability. These include:
- Solution brief with Fortanix support for AWS KMS External Key Store (XKS)
- Solution page with demo video
AWS links:
- Press Release
- What’s New blog
- KMS Feature page
- AWS News Blog with AWS KMS External Key Store announcement
AWS re:Invent 2023
At re:Invent 2023, attendees joined several sessions to learn more about AWS Security and data protection.
SEC212: AWS data protection: Using locks, keys, signatures, and certificates
This session explored AWS’s array of cryptographic tools and PKI platforms that supported data protection and digital signing needs. Participants discovered how these capabilities were provided by default and how they could build their own locks, keys, signatures, and certificates when required for cloud applications. The session also covered best practices for data protection, data residency, digital sovereignty, and scalable certificate management, along with future considerations around crypto agility and encryption by default.
SEC214-L: What we learned from customers: Accelerating innovation at AWS Security
In this session, CJ Moses, CISO at AWS, showcased the AWS culture of innovation—the working backwards process—and explained how new security products, services, and features had been built with the customer in mind. He highlighted how AWS Security continuously innovated based on direct customer feedback, enabling organizations to accelerate their pace of innovation while embedding strong security architecture into their business and operations.
We hosted a webinar on AWS XKS and Fortanix:
AWS + Fortanix: New Innovations to Accelerate Cloud Adoption Through Data Security, Privacy, and Compliance
The session highlighted how AWS and Fortanix worked together to deliver stronger data security, privacy, and compliance capabilities. We were grateful for the collaboration with the AWS team on this joint project and looked forward to our customers benefiting from the solution.
You can check out the webinar recording: https://resources.fortanix.com/aws-fortanix-new-innovations-to-accelerate-cloud-adoption-through-data-security-privacy-and-compliance-on-demand-webinar
Experience a Free 30-day Trial:
If you’d like to take a step forward, try out the full power of Fortanix DSM with a free 30-day trial, or engage directly with the free DSM Explorer for smaller use-cases.