Protecting Data from Breaches Requires an Encryption Key Management Strategy

Aroop Menon
Published: Nov 13, 2020

Data breaches have only been increasing and it's estimated that nearly 1.5 billion people will have their personal data exposed through data breaches in 2020.

How can you take steps to safeguard the customer, employee, and patient data you are entrusted to protect?

According to a recent Gartner report,

“Privacy and data breaches continue to be widespread due to lack of data security governance and operational frameworks for encryption.”

The report includes recommendations to:

  • Employ data security governance principles.

  • Establish crypto operations that are consistent enterprise-wide.

  • Minimize the number of data security vendors.

  • Apply crypto to all data protection use cases.

Download the Gartner report: Develop an Enterprise-wide Encryption Key Management Strategy

In this blog, we will cover how Fortanix can help enterprises implement an encryption key management strategy in line with the three key areas recommended by Gartner.

The three key areas of enterprise-wide encryption key management


1. Employing data security governance principles

Any successful data governance policy should consider factors like data residency, compliance requirements, privacy impact, prioritized security risks and threats.

According to Gartner, 81 percent of businesses are adopting a hybrid cloud and multi-cloud strategy. But they are held back by compliance requirements or regulations.

The risk of third-party access to the encryption keys has also resulted in many organizations holding back on this journey.

How can Fortanix help?

Fortanix manages data security for multiple public clouds and hybrid environments through a single platform that can scale and cluster between global sites.

It is not secure to store encryption keys in the same location as the data they are used to encrypt. If cloud provider insiders or cybercriminals gain access to those keys, they can decrypt data stored in the cloud, leading to a data breach and a violation of privacy regulations.

Fortanix secures data everywhere while enabling customers, not cloud providers, to maintain control of their encryption keys and their data at all times.

Many regulated industries including financial services, healthcare, and retail require that encryption keys be stored in FIPS 140-2 Level 3 validated HSMs.

Unlike cloud-native key management services, Fortanix provides FIPS 140-2 Level 3 protection for all encryption keys, secrets, and tokens, enabling regulated industries to move sensitive data to the public cloud without risking compliance.

With Fortanix, organizations can now use and store encryption keys outside the cloud provider.

2. Focus on day-to-day operations

Minimizing encryption vendors; simplifying key management

The encryption strategy of the enterprise must consider all the ways the data can be stored, input and output. It is also important to minimize the number of encryption vendors and simplify key management by making use of a vendor that can help with multiple data protection use cases.

How can Fortanix help?

Fortanix provides a Data Security as a Service (DaaS) platform with integrated hardware security module (HSM), key management, encryption, shared secrets, and tokenization capabilities.

Fortanix enables customers to reduce the cost and complexity of data security by consolidating or replacing multiple encryption, HSM, key management, tokenization and secrets management systems with a single integrated system with standardized cryptographic interfaces.

Fortanix provides a modern and intuitive “single pane of glass” user interface for simplified administration and control.

Powerful RESTful APIs make it easy for developer and DevOps teams to use and integrate data security into their applications.

3. Operationalize Encryption Key Management Deployments (access, backup, long-term storage, and agility)

One of the most critical operational configurations involves the backup of the key management database. Without a proper backup solution, any system failure could result in a complete loss of data.

Long-term retention of the backup, the ability to store historical audit records, and options for on-site and off-site key storage are all critical.

How can Fortanix help?

Fortanix offers cloud-scale and pervasive data security that secures sensitive data across public, hybrid, multi-cloud and private cloud environments. Unified key management ensures absolute control over data across any environment.

Our SaaS platform allows organizations to store and manage all their cryptographic keys and secrets in one place, and separate keys from where data is stored.  

Fortanix Data Security Manager (DSM) is the only platform solution in the market that enables consistent encryption key management policies across on-premises, cloud, tenants, and regions.  

DSM allows cloud architects to securely migrate sensitive workloads to the cloud and manage hybrid and multicloud environments from a single console.  

Security practitioners can now simplify and centralize crypto operations, enabling improved collaboration with dev teams and reducing the cost and complexity associated with legacy point solutions. With a unified platform architecture, Fortanix secures data wherever it resides.
