Key & Secrets Management
What is Encryption Key Management?What is Secrets Management? What is a Centralized Key Management System? What is Bring Your Own Key (BYOK)? What is a Credentials Management System? What is Key Management Interoperability Protocol (KMIP)? What is a Symmetric Key? What is an Asymmetric Key? What is Key Lifecycle Management?Multi-Cloud Data Security
How do I move my existing data security controls from On-Prem to the Cloud? How do I protect data as I move and store it in the Cloud? How do I ensure the cloud provider does not access my data?Can I use my encryption keys in the Cloud?How do I enforce data residency policies in the Cloud and comply with GDPR? How do I track and monitor data access and usage in the Cloud? Can I secure containers in the cloud or across different clouds? What is the Shared Security Model? What is multi-cloud key management?Google External Key Manager Service (EKM)
What is Google Cloud’s External Key Manager Service?How does Google Cloud’s External Key Manager work?What are the benefits of Key provenance in Google EKM? What are the benefits of Key centralization in Google EKM?What are the benefits of Key control in Google EKM?How Do You Decide When and How Can Your Data Be Decrypted? What are the requirements when implementing External Key Management? What are the Service integrations and technical considerations in Google EKMWhich GCP services are supported by Fortanix DSM? How Is Google EKM Available with Fortanix Integration? How does international data transfer from Europe work with Fortanix?AWS External Key Store
What is the AWS KMS eXternal Key Store (XKS) service? How does AWS XKS with Fortanix DSM work? What are the benefits of AWS XKS and Fortanix Integration?What are the benefits of Key provenance in AWS XKS?What are the benefits of Key centralization in AWS XKS?What are the benefits of Key control in AWS XKS?Which AWS cloud services are supported by AWS KMS External Key Store? How can AWS XKS integrate with Fortanix DSM? How does international data transfer from Europe work with Fortanix? How does Fortanix DSM as XKS affect KMS service reliability and performance? What is the latency of the XKS service offered by DSM SaaS? Do AWS Services cache Data Encryption Keys serve by AWS KMS? For how long?Code Signing, Certificates, Stamping
What is a Digital Certificate?What is a Certificate Authority? What is Code Signing? What is a Digital Signature? What is Time Stamping?What is Time Stamping?
Whenever a piece of information or an event is recorded, it is timestamped. For example, a picture taken, video recorded, shared tweet, or any social media post. Timestamps are valuable for tracking when the information was created or modified. It is more effective in legal scenarios.
Suppose an organization signs a copyright contract with a distributor. The distributor violates the rules and argues that the event happened before the signed contract. In such cases, the organization can prove the facts if they have a timestamp of the contract signature. However, timestamps solely based on time clocks are vulnerable. Hackers can easily hack the system clocks to compromise the information.
Timestamping Authority (TSA), a trusted third party, generates trusted timestamps using secure FIPS-compliant hardware to avoid data manipulation. RFC 3161 – RFC 5035 and Microsoft Authenticode are two major protocols usually followed by TSAs for time stamping.
The client application creates a hash and sends it to the TSA for time stamping. Once the hash is submitted, any changes made to the code must be communicated to the TSA. The TSA combines the hash of data and the trusted time stamp using the PKI technology to create a timestamp token. The client attaches the timestamp token to the document or code signature.
Trusted timestamps ensure non-repudiation and Long-Term Validation (LTV) of the signature. LTV is applicable when users want to download a developer's software and confirm the validity of a signature even after it is revoked or expired. The user machine will validate the signature based on the time it was digitally signed rather than the current time of his system and allow him to download the software but without the latest updates. The developer can re-issue the code signing certificate.