Key & Secrets ManagementWhat is Encryption Key Management?What is Secrets Management? What is a Centralized Key Management System? What is Bring Your Own Key (BYOK)? What is a Credentials Management System? What is Key Management Interoperability Protocol (KMIP)? What is a Symmetric Key? What is an Asymmetric Key? What is Key Lifecycle Management?
Multi-Cloud Data SecurityHow do I move my existing data security controls from On-Prem to the Cloud? How do I protect data as I move and store it in the Cloud? How do I ensure the cloud provider does not access my data?Can I use my encryption keys in the Cloud?How do I enforce data residency policies in the Cloud and comply with GDPR? How do I track and monitor data access and usage in the Cloud? Can I secure containers in the cloud or across different clouds? What is the Shared Security Model? What is multi-cloud key management?
Google External Key Manager Service (EKM)What is Google Cloud’s External Key Manager Service?How does Google Cloud’s External Key Manager work?What are the benefits of Key provenance in Google EKM? What are the benefits of Key centralization in Google EKM?What are the benefits of Key control in Google EKM?How Do You Decide When and How Can Your Data Be Decrypted? What are the requirements when implementing External Key Management? What are the Service integrations and technical considerations in Google EKMWhich GCP services are supported by Fortanix DSM? How Is Google EKM Available with Fortanix Integration? How does international data transfer from Europe work with Fortanix?
AWS External Key StoreWhat is the AWS KMS eXternal Key Store (XKS) service? How does AWS XKS with Fortanix DSM work? What are the benefits of AWS XKS and Fortanix Integration?What are the benefits of Key provenance in AWS XKS?What are the benefits of Key centralization in AWS XKS?What are the benefits of Key control in AWS XKS?Which AWS cloud services are supported by AWS KMS External Key Store? How can AWS XKS integrate with Fortanix DSM? How does international data transfer from Europe work with Fortanix? How does Fortanix DSM as XKS affect KMS service reliability and performance? What is the latency of the XKS service offered by DSM SaaS? Do AWS Services cache Data Encryption Keys serve by AWS KMS? For how long?
Can I secure containers in the cloud or across different clouds?
An innovative approach proving effective is to run the cloud containers in a trusted execution environment (TEE), also known as a secure enclave. This technology removes the risk associated with trusting the infrastructure or a user. Even if the infrastructure is compromised or the root user is hacked, the application remains secure and encrypted, unusable by attackers.
A modern technology called confidential computing is proving to be a successful approach to addressing these challenges. When combined with secure enclaves, confidential computing platforms enable data in containers to be securely executed inside the enclave without the cost and complexity of using a secure enclave alone.
The confidential computing approach involves decrypting and analyzing data only when it is within a secure enclave protected by certain hardware technologies. Confidential computing enables software to run safely in a secure enclave, creates keys to decrypt data, runs the analysis, and encrypts the result. Other than cloud computing, there are no solutions that let organizations securely run containers in the cloud while adhering to regulations and privacy.
Confidential computing can help organizations meet compliance requirements for GDPR, CCPA (the California Consumer Privacy Act), and other similar regulations. It also provides fine-grained access controls for the datasets in use in containers. With this novel approach, the aggregate data is never exposed outside the secure enclave. Private analytics with confidential computing is easy to use and efficient. It offers a scalable system critical for deploying containers.
Organizations can monitor the lifecycle of secure enclaves that run the container applications with confidential computing, which provides unique features such as remote attestation, geolocation enforcement, DRM, secret injections, and more. In addition, the platform seamlessly integrates with existing container orchestration technologies, including Kubernetes, Docker Swarm, and OpenShift.