Fortanix Collaborates with Goldman Sachs on Data Migration Initiatives
Customer Profile
Goldman Sachs is an American multinational investment bank and financial services company. Founded in 1869, Goldman Sachs is headquartered at 200 West Street in Lower Manhattan, with regional headquarters in London, Warsaw, Bangalore, Hong Kong, Tokyo, Dallas and Salt Lake City, and additional offices in other international financial centers. Goldman Sachs is the second largest investment bank in the world by revenue and is ranked 57th on the Fortune 500 list of the largest United States corporations by total revenue.
Products
Data Security Manager
Business Challenge
- Goldman Sachs was looking to increase efficiency and manage expenses around backup media and the operational needs of managing the backups. Moving the various structured and unstructured data in the scattered on-premises Hadoop data lakes toward a centralized Amazon S3 environment enables more flexibility in accessing this data when required.
- However, migrating these data lakes required a robust encryption implementation to comply with data privacy and security regulations. With strong encryption mechanisms and key ownership, Goldman Sachs maintains control of their data and enforces segregation of data and keys.
Fortanix Solutions
The customer chose Fortanix Data Security Manager (DSM) to manage data that is globally stored, utilized, and analyzed. Fortanix proved an especially good fit because it integrates with various applications improving their overall data security posture.
The customer operates a large production cluster of Fortanix DSMs consisting of 10 nodes, strategically distributed across five data centers worldwide, and uses DSM for the following capabilities.
To ensure the keys stay segregated from where the data is stored and to provide the IT security team complete control of all keys and their lifecycles, Goldman Sachs needed to encrypt the data before uploading it to AWS S3. Therefore, Goldman Sachs first integrated Fortanix’s encryption workflows into the Hadoop environment to generate and securely transport Data Encryption Keys (DEKs), which in turn are protected by Key Encryption Keys, stored on FIPS 140-2 Level 3 validated HSMs. This way, access to files and data blocks is fully controlled by Fortanix DSM with granular role-based access policies.
With Fortanix DSM, the teams automated the key rotation process to simplify their operations, including regenerating keys when S3 objects are overwritten. Fortanix DSM’s Quorum Control feature also requires the approval of multiple administrators for sensitive key operations such as deleting a key. Regardless of the volume of data stored, Key Management operations are now very easy; managing keys to encrypt and decrypt takes just a couple of clicks.
Goldman Sachs also built a strong relationship with the Fortanix sales teams to evaluate and deploy use cases, knowing they have stellar support whenever it’s required.
