Fortanix SDKMS Earns FIPS Level 1 Certification Validating Cryptographic Protections Delivered in its Runtime Encryption Solutio
Fortanix® Inc., the Runtime Encryption® company, today announced that its Self-Defending Key Management Service™ (SDKMS) has earned the Level 1 certification of the Federal Information Processing Standard (FIPS) Publication 140-2, a U.S. government computer security standard used to approve cryptographic modules. Users now have confidence that Fortanix has passed strict government requirements, validating SDKMS’s ability to maintain the confidentiality and integrity of protected information.
“At O.C. Tanner, security is our highest priority,” said Niel Nickolaisen, Senior VP and Chief Technology Officer, O.C. Tanner. “Fortanix offers an unmatched level of security that applies to our on-premises and cloud infrastructure. Now, with FIPS Level 1 validation of its Self-Defending Key Management Service, we are delighted that SDKMS is compliant with the federal norms and our data is encrypted with maximum security. FIPS can be a very effective tool when dealing with regulators.”
SDKMS is also the industry’s first commercial software product built using Intel Software Guard Extensions® (Intel SGX®)to achieve FIPS Level 1 certification. In addition to giving users U.S.-backed certified confidence in the cryptographic security measures of SDKMS, the certification helps in the regulatory compliance measures of some customers, including those in the federal, financial services and healthcare sectors.
“FIPS Level 1 certification is a significant achievement for Fortanix, particularly for compliance for federal and other regulations that are important to customers,” said Ambuj Kumar, Co-Founder and CEO of Fortanix. “Users and partners alike have the assurance that Fortanix protects data in use and cloud data that is now backed by the U.S. government.”
Fortanix is solving today’s cloud security and data privacy problem. By decoupling security from the infrastructure, Fortanix removes complex and intractable security challenges experienced with current solutions. Running applications in protected enclaves enables a new level of deterministic security on premise, in hybrid environments, and even on remote clouds, protecting data even when systems are compromised.
Some components of SDKMS are already FIPS Level 3 certified, while Level 3 certification for the Fortanix hardware is currently underway.
Self-Defending Key Management Service™ (SDKMS) is the world’s first commercial solution built using Intel® SGX, delivering Runtime Encryption technology to protect keys, applications and data during use. SDKMS offers key management, HSM, and tokenization as a service – all rolled into one product with infinite scalability for number of keys and number of operations. It has support for both legacy and new applications with PKCS#11, KMIP, JCE, MS-CAPI, MS-CNG, and REST interfaces. Customers use SDKMS to encrypt their databases (Oracle, Microsoft SQL server, MongoDB, etc.), run their certificate authority, manage their cloud secrets, and encrypt their VMware vSAN clusters. SDKMS is a FIPS 140-2 validated solution that can meet various compliance requirements, such as GDPR and PCI.
Fortanix’s mission is to solve cloud security and privacy challenges. Fortanix allows customers to securely operate even the most sensitive applications without having to trust the cloud. Fortanix provides unique deterministic security by encrypting applications and data everywhere – at rest, in motion, and in use with its Runtime Encryption® technology built upon Intel® SGX. Fortanix secures F100 customers worldwide and powers IBM Data Shield and Equinix SmartKey™ HSM-as-a-service. Fortanix is a venture backed Gartner Cool Vendor headquartered in Mountain View, Calif.
Fortanix and Runtime Encryption are registered trademarks of Fortanix, Inc. Fortanix Data Security Manager is a trademark of Fortanix, Inc. All other marks and names mentioned herein may be trademarks of their respective companies.
FIPS 140-1 and FIPS 140-2 TM: A Certification Mark of NIST, which does not imply product endorsement by NIST, the U.S. or Canadian Governments