Planning and Implementing an Enterprise KMS

rob stubbs fortanix
Rob Stubbs
Published:Sep 5, 2023
Reading Time:3mins
enterprise kms

As organizations adopt stronger controls for data security and data protection to counter growing cyber threats and an increasingly tough regulatory regime, the need for an enterprise key management system (KMS) quickly becomes apparent (see: Data Security Success: Introducing a Key Management Maturity Model).

Planning an Enterprise KMS

When planning an enterprise key management system, the following factors need to be considered:

  • Who / what is within scope? (e.g. business units, applications, cloud)
  • Which legacy tools / systems need to be replaced? (e.g. HSMs and standalone key management solutions)
  • What organizational and process changes will be required? (e.g. roles, responsibilities, and governance standards – see: 10 Key Management Best Practices You Should Know)
  • How should the roll-out be phased? (which are the priority users / use cases?)
  • What are the expected benefits? (see: The Business Case for Enterprise Key Management)

Implementing an Enterprise KMS

An enterprise key management system is a strategic investment that will deliver significant benefits if planned and implemented properly. But one of the biggest mistakes is to spend years planning your strategy and preparing for an enterprise-wide big bang – an approach that is almost doomed to failure.

While some consideration must be given to the points above (Planning an Enterprise KMS), the most efficient and effective implementation approach is an agile one; this means getting started as soon as you can with an enterprise key management system that offers the flexibility and scalability to grow and adapt as you expand the solution across the organization. This way, you can begin to reap some of the benefits immediately, ensure that new use cases are on-boarded by default (and thereby prevent creating a bigger legacy problem), and learn how to make it work within your organization as you go.

enterprise key management using dsm

Choosing an Enterprise KMS for Agile Implementation

The following criteria should be considered when selecting an Enterprise KMS solution to suit an agile implementation approach:

Simplification – The solution should enable you to rationalize and simplify your cryptographic security environment by offering a fully integrated capability managed through a single pane of glass, capable of replacing multiple legacy key management systems, HSMs, and other data security components. Beware of poorly integrated solutions built from multiple vendor acquisitions.

Deployment flexibility – The solution should give you the flexibility to deploy the solution where and how you want to, e.g. on-premises, in the cloud, or as a managed SaaS solution local to your workloads (or even a combination of these deployments).

Operational flexibility – The solution should offer a flexible operational model so you can configure and use the product in accordance with your evolving needs, including the ability to delegate responsibilities as required, define your own compliance policies, and support re-charging usage to consumers within the business.

Migration – The solution should support a phased migration from your existing key management systems, HSMs, and other data security components.

Scalability – The solution should be able to start small, but have unlimited capability for growth over time, where you are only paying for what you actually need.

Future proofing – The solution should be modern, well-architected, extensible, and post-quantum ready to ensure it will continue to meet your evolving needs. Beware of solutions that have been around a long time and have a limited useful lifespan.

Resilience – The solution should support very high availability and disaster recovery capabilities. For EU financial institutions, it should be consistent with the demands of the Digital Operational Resilience Act (DORA).

For more guidance on choosing an Enterprise KMS, see: The Buyers Guide for Modern Key Management and Data Security.

About Fortanix Data Security Manager (DSM)

Fortanix DSM is the first-of-a-kind unified data security platform that fully integrates multiple capabilities such as HSM, key management, secrets management, tokenization, and data masking, all managed from a single pane of glass.

Fortanix DSM is the only enterprise KMS solution that runs entirely within the FIPS 140 security boundary for higher assurance; it is also unique in utilizing secure coding methods (using the Rust programming language) and state-of-the-art confidential computing technology for greater defence-in-depth.

How Does Fortanix DSM Fulfil the Selection Criteria?

Simplification – As a unified data security solution, Fortanix DSM enables customers to simplify their operations and consolidate the vendors they work with.

Deployment flexibility – Fortanix DSM offers hardware, virtual, or multi-region SaaS deployment options (or a combination thereof) to address different requirements across multiple business units, geographies, and use cases.

Operational flexibility – Fortanix DSM supports multi-tenancy, centrally-defined policies, and role-based access controls to enable each customer to decide how much control they wish to delegate to lines of business and metrics enabling an internal re-charging model.

Migration – Fortanix DSM integrates with legacy HSMs to simplify migration and enable a seamless transition of services without a “big bang”.

Scalability – Fortanix DSM is built on modern cloud-native technologies to scale flexibly and seamlessly with customers’ needs, making it possible to start small and scale the solution in a controlled way, paying only for what you use.

Future proofing – Fortanix DSM is a modern, well-architected solution built with extensibility and future demands in mind; new feature releases are available on a monthly basis.

Resilience – Fortanix DSM employs active-active clustering technology for >99.95% uptime. For exit scenarios, all customer data is exportable under customer-defined quorum controls for security and compliance.


Every organization needs an enterprise KMS, and, with Fortanix DSM, every organization can afford one. In a larger organization, introducing an enterprise KMS can be a challenge, but the longer you delay, the harder it will be. So, ask for a demo or sign up for a free trial and start your journey today.

Share this post: