Medical Imaging Company Meets GDPR Compliance with EKM - Case Study

Customer Profile

The customer is a worldwide leader in AI-powered medical imaging, delivering powerful diagnostics to support optimal treatment decisions for improved patient outcomes. The customer uses Amazon Web Services (AWS) as their Cloud Service Provider (CSP). 

USE CASE

Compliance

INDUSTRY

Healthcare

PRODUCTS

Business Challenge:

Business Challenge:

The customer wanted to secure Personally Identifiable Information (PII) and Protected Health Information (PHI) for their EU business operations. This requirement comes in response to the General Data Protection Regulation (GDPR). 
The data being stored in the AWS cloud environment required sovereign control and ownership of their cloud encryption keys.
In this case, because AWS is a US-based company, under the US PATRIOT Act, the CSP could be compelled to hand over encryption keys to the US government, along with the stored PII/PHI data.

Solutions

Fortanix offers a comprehensive Cloud Native Key Management Service for AWS, including Bring Your Own Key (BYOK) and Bring Your Own KMS (BYOKMS), with complete lifecycle management for automation.  The Fortanix platform is built on Confidential Computing technology, utilizing integrated FIPS 140-2 level 3 certified HSMs.
The Fortanix solution provides the customer with centralized control over the lifecycle of their keys, whether they are used on-premises or in the cloud. And, because the Fortanix solution is Software as a Service (SaaS), they did not have to deploy a complex key management solution themselves.
The customer has sole key custody. Neither Fortanix nor AWS can access the keys that protect the customer's data. This additional layer of security means that—even if requested under the US PATRIOT Act—the CSP would not be able to provide the data hosted in their environment.