Global IT Leader Achieves Security and Compliance with Fortanix Cloud-first, DevOps Friendly Solution
Customer Profile
Fortune 100 company and a leader in IT and networking. The company develops, manufactures, and sells networking hardware, software, telecommunications equipment and other high-technology services and products.
Products
Data Security Manager
Business Challenge
- With multiple systems to manage, security teams often lacked an overarching and centralized visibility into data usage and control over encryption keys. This prevented security teams from accurate and timely reporting to meet compliance obligations.
- The Company was also embarking on a project to migrate the sensitive workloads to Google Cloud (GCP), utilize the Big Query based data lake and meet necessary compliance requirements. Google Cloud provided the External Key Manager capability which allowed organizations to control cloud encryption keys outside the cloud environment. Controlling keys outside of the cloud environment was critical to meet compliance.
- The pre-existing cloud native HSM/KMS systems did not support Rest APIs, modern DevOps tools and was not CI/CD ready. This meant it was not possible to integrate security into DevOps and made it much more complex to manage security
Fortanix Solutions
Fortanix Data Security Manager (DSM) SaaS provided integrated data security with encryption, multicloud key management, tokenization, and other capabilities from one platform, delivered-as-a-service. The phase one of the project included migrating to GCP and utilized Google Cloud External Key Manager (EKM) interface to manage encryption keys in Fortanix. Further the company expanded the use case to AWS cloud. Fortanix solution was used to manage keys generated in cloud, as well as for Bring/Hold-Your-own-Key (BYOK)/HYOK across all clouds.
Data Security Manager (DSM) FIPS 140-2 Level-3 Hardware Security Module and management layer for CSP HSMs via HSM Gateway.
Support for Transparent Data Encryption for Database Encryption at rest, including for SQL Server and Postgres.
Support for #PKCS11, MS CAPI, MS CNG, Java JCE, KMIP interfaces and other libraries.
Single UI / Endpoint for easier access.
Automated Load-Balancing / High-Availability.
Key Differentiators
Fortanix provided a DevSecOps platform that automates secrets via Terraform/GitHub. This allowed them to create and enforce policies around Key/Secrets Management. Rolling updates provided an interruption free update process, utilising the Native Splunk integration for logging and providing the most common interfaces to serve DevOps tools.
Fortanix offered a SaaS based model that was quick to deploy. The linearly scalable solution had the capability to store hundreds of millions of keys in one single cluster. Additional features like Key caching were offered to accommodate high volume of transactions and outperformed traditions KMS/HSM.
Backup and Disaster Recovery for keys stored in AWS CloudHSM and Azure Key Vault Managed HSM was deployed. This has a high availability with a minimum of 99.9 SLA.
