The Fortanix Opportunity to Reshape Data Protection in Cloud-First World

seth knox fortanix
Seth Knox
Published:Oct 9, 2019
Reading Time:5 Minutes

Before I immerse myself in the day-to-day chaos of building the marketing organization from scratch at Fortanix, I wanted to reflect and share the unique opportunity I see for the business.

As I have worked in different sectors of cyber security from endpoint security to strong authentication to email security, the highest risk and mostly costly security threats always result in the theft of data.

Whether its credit card information, health records, or intellectual property, the most valuable assets of a business are nearly always its data. With the advent of the breach notification laws and the lost business associated with a public breach, the average cost of all data breaches has skyrocketed to more than $8M per breach, with mega breaches costing as much at $438 million.

There are two related multi-billion-dollar opportunities I see for Fortanix; First, enabling the next generation of data protection and key management in a cloud-first world, and second, the last mile of encryption required to protect data while in use by applications.

The average cost of all data breaches has skyrocketed to more than $8M per breach, with mega breaches costing as much at $438 million.

Here’s a quick customer testimonial video to whet your appetite and break up my long blog.

Watch more video testimonials on our Resources page.

Disrupting the Data Protection, HSM, and Key Management Markets

While the importance of data protection has increased, the shifting of data storage from on-premises enterprise storage protected by perimeter security to public cloud storage and SaaS applications has introduce new challenges to encrypting data.

The encryption technologies in place at most Fortune 500 businesses today called “Hardware Security Modules” (HSM), were designed in the early 1970s.

That’s before I was born, and my teen-age daughters tell me I am old. HSMs are literally the keepers of the keys to the kingdom and have evolved to be more and more secure but lack modern API interfaces, multi-site management and cloud integration. As a result, existing applications that have highly sensitive data are difficult to move to the cloud with the same level of security.

New applications tend to rely on their cloud providers to manage their keys, which doesn’t provide the security, control and flexibility needed to protect data. From what I have gathered so far, everyone hates their HSMs, and the market is ripe for disruption with a next generation of solutions that is better, faster, cheaper.

Fortanix is the only vendor I have seen with the vision to solve this problem in its entirety. The Fortanix encryption platform provides the same security and encryption standards as the HSMs, and even leverages investments in existing HSM hardware, while providing an encryption platform for the 21st century.

Fortanix can be delivered on-premises, in the cloud, or in hybrid environments. The platform can be clustered across multiple regions and cloud providers, enabling businesses to move critical applications to the cloud, yet retain control of their own encryption keys (AKA Bring Your Own Key Management System – BYOKMS). The system scales out infinitely and provides integrated high availability and disaster recovery.

From looking at some initial customer deployments, the total cost of ownership is on the order of 90% less than continuing with traditional siloed HSMs.

fortanix dsm

While the cost reduction will make the CFO happy, the more important benefit to the business might be the speed and flexibility the system provides to application developers, DevOps and SecOps teams.

When developers implement cryptography, shared secrets and tokens the old way, it slows down application development and, more often than not, security suffers as developers sacrifice security for time to market.

With Fortanix, application developers have a single platform for encryption, shared secrets and tokenization that provides data protection services through RESTful APIs, accelerating development and enabling applications to run in the cloud, on-premises or in hybrid cloud environments.

The Promise of Confidential Computing

Before I joined Fortanix, my view on encryption was that it was a solved problem. We have extensive encryption while data is at rest and stored, both on-premises on in the cloud. TLS and SSL standards are widely used to protect data in transit.

What I didn’t realize was that one third of the equation was missing; encryption when the data is being used by the application. If a cybercriminal gets access to an application server that is processing payments, they can dump the memory of the application and see the credit card numbers, pins and whatever sensitive data was being processed.

In an era where you must assume that cyber criminals can get through your perimeter and credentials to cloud databases are routinely stolen, this is a huge vulnerability and the last mile that we need to cover in encryption.

Intel with its Software Guard Extensions (Intel® SGX) and Fortanix with its Runtime encryption® technology have pioneered a new approach to protecting data while in use by applications called Confidential Computing.

The technology works by using a combination of hardware security built into Intel CPUs and software from Fortanix to create enclaves that execute the code in an encrypted environment inside the CPU, protecting data used by the application while in use.

While it is early days for confidential computing, it has powerful backers such as Intel, Google Cloud, and IBM that have formed the Confidential Computing Consortium combined with innovative solutions from Fortanix that make confidential computing a reality at early adopter F500 companies. 

Microsoft Azure Confidential Computing makes it possible to deploy virtual machines on Intel® SGX hardware and Fortanix Runtime Encryption® can be used to create protected enclaves on Microsoft cloud infrastructure.

IBM Cloud Data Shield is now offering confidential computing as a service with both Intel® SGX and Fortanix Runtime encryption through its IBM Cloud Data Shield offering.

Parting Thoughts

With funding from Intel, Foundation Capital, and NeoTribe, Fortanix is well positioned to reshape the way enterprises protect data, accelerate application development and enable the move of sensitive applications to the cloud.

Gartner recently selected Fortanix as a “cool vendor” and we were featured in its 2019 Hype Cycle for Cloud Security and several other reports. I’m excited to get started. If you know anyone who would like to join this journey, we’ll be hiring.

Share this post: