Key & Secrets ManagementWhat is Encryption Key Management?What is Secrets Management? What is a Centralized Key Management System? What is Bring Your Own Key (BYOK)? What is a Credentials Management System? What is Key Management Interoperability Protocol (KMIP)? What is a Symmetric Key? What is an Asymmetric Key? What is Key Lifecycle Management?
Multi-Cloud Data SecurityHow do I move my existing data security controls from On-Prem to the Cloud? How do I protect data as I move and store it in the Cloud? How do I ensure the cloud provider does not access my data?Can I use my encryption keys in the Cloud?How do I enforce data residency policies in the Cloud and comply with GDPR? How do I track and monitor data access and usage in the Cloud? Can I secure containers in the cloud or across different clouds? What is the Shared Security Model? What is multi-cloud key management?
Google External Key Manager Service (EKM)What is Google Cloud’s External Key Manager Service?How does Google Cloud’s External Key Manager work?What are the benefits of Key provenance in Google EKM? What are the benefits of Key centralization in Google EKM?What are the benefits of Key control in Google EKM?How Do You Decide When and How Can Your Data Be Decrypted? What are the requirements when implementing External Key Management? What are the Service integrations and technical considerations in Google EKMWhich GCP services are supported by Fortanix DSM? How Is Google EKM Available with Fortanix Integration? How does international data transfer from Europe work with Fortanix?
AWS External Key StoreWhat is the AWS KMS eXternal Key Store (XKS) service? How does AWS XKS with Fortanix DSM work? What are the benefits of AWS XKS and Fortanix Integration?What are the benefits of Key provenance in AWS XKS?What are the benefits of Key centralization in AWS XKS?What are the benefits of Key control in AWS XKS?Which AWS cloud services are supported by AWS KMS External Key Store? How can AWS XKS integrate with Fortanix DSM? How does international data transfer from Europe work with Fortanix? How does Fortanix DSM as XKS affect KMS service reliability and performance? What is the latency of the XKS service offered by DSM SaaS? Do AWS Services cache Data Encryption Keys serve by AWS KMS? For how long?
Code Signing, Certificates, StampingWhat is a Digital Certificate?What is a Certificate Authority? What is Code Signing? What is a Digital Signature? What is Time Stamping?
Public Key InfrastructureWhat is PKI?What is the role of Certificate Authorities (CAs)?What is certification authority or root private key theft? What is inadequate separation (segregation) of duties for PKIs? What is insufficient scalability in a PKI?What is a subversion of online certificate validation?What is a lack of trust and non-repudiation in a PKI?
How do I ensure the cloud provider does not access my data?
Bring Your Own KMS (BYOKMS) offers one of the most secure ways to protect keys and cloud data while providing strong integration with cloud-native services. Unlike BYOK, the cloud provider never has access to the master key. CSE, defined broadly, is encryption applied to data before it is transmitted from a system to a server.
External Key Management/BYOKMS and Client-side encryption can be owned and controlled by organizations, with cloud providers having no access or visibility into the keys. In this approach, the Master key stays outside the customer owned KMS, and all DEKs must be decrypted in the external KMS before they can decrypt the customer data.
Organizations get a single, simple, centralized encryption platform that accelerates moving applications to the public cloud while providing a single set of cryptographic services to on-premises, hybrid, and cloud workloads. The Cloud Workspace data gets encrypted in the browser before taking off to the servers. Organizations can collaborate and scale globally over Cloud Workspace without worrying about keys storage location and management, as keys are never cached on the cloud, and access can be revoked anytime.
Organizations can opt for Confidential Computing technology that can separate and encrypt data, especially data in use, in a hardware-based Trusted Execution Environment (TEE) so that it's not exposed to the infrastructure processing it.