Case Study
Medical Imaging Company Meets GDPR Compliance with Fortanix Enterprise Key Management Solution

Customer Profile
The customer is a worldwide leader in AI-powered medical imaging, delivering powerful diagnostics to support optimal treatment decisions for improved patient outcomes. The customer uses Amazon Web Services (AWS) as their Cloud Service Provider (CSP).
Industry
Healthcare
Use Cases
Compliance
Products
Data Security Manager
Business Challenge
- The customer wanted to secure Personally Identifiable Information (PII) and Protected Health Information (PHI) for their EU business operations. This requirement stems from the General Data Protection Regulation (GDPR).
- Storing this data in the AWS cloud environment required the customer to retain sovereign control and ownership of their cloud encryption keys.
- Because AWS is a US-based company, the CSP could be compelled under the US PATRIOT Act to hand over encryption keys to the US government, along with the stored PII/PHI data.

Solutions
Fortanix Key Management Service
Fortanix offers a comprehensive Cloud Native Key Management Service for AWS, including Bring Your Own Key (BYOK) and Bring Your Own KMS (BYOKMS), with complete lifecycle management for automation. The Fortanix platform is built on Confidential Computing technology, utilizing integrated FIPS 140-2 level 3 certified HSMs.

Software as a Service (SaaS)
The Fortanix solution provides the customer with centralized control over the lifecycle of their keys, whether they are used on-premises or in the cloud. And, because the Fortanix solution is Software as a Service (SaaS), they did not have to deploy a complex key management solution themselves.

Data Tokenization
The customer has sole key custody. Neither Fortanix nor AWS can access the keys that protect the customer's data. This additional layer of security means that—even if requested under the US PATRIOT Act—the CSP would not be able to provide the data hosted in their environment.
Benefits

With Fortanix Data Security Manager (DSM) SaaS, the customer can confidently operate and expand within the EU market without overhauling its existing cloud-first model.

They can comply with the GDPR’s requirements by ensuring that sensitive data, including PII and PHI, is encrypted, and that they have exclusive control over their encryption keys.

Compliance mitigates the risk of fines and legal issues, solidifies the company’s reputation for protecting customer data, encourages customer loyalty, and opens new opportunities in the European market.

Because the Fortanix solution integrates with the customer’s existing AWS environment, they were able to continue benefiting from the cloud’s agility, scalability, and cost-efficiency without re-engineering their solution for the EU market.

The easy SaaS deployment of Fortanix DSM allowed the customer to implement the solution with minimal disruption. Moreover, the solution’s operational simplicity reduced the need for extensive training or specialized staff, so no additional headcount was required.