
Key Management
Full key lifecycle management across cloud and hybrid
Key Management Service (KMS) provides unified key management and encryption services across multicloud and hybrid infrastructures. KMS is the foundation for the Fortanix Data Security Manager SaaS (DSM SaaS) suite of capabilities. Add tokenization, automated cloud key management, management of legacy HSMs, and other capabilities to create a single comprehensive solution.
External Key Manager
(Bring your own key management as a service) Fortanix has partnered with GCP to create Google Cloud External Key Manager (EKM), the first solution to enable customers to bring their own key management system as an external key manager.
Bring-Your-Own Key (BYOK)
BYOK is a solution in which the customer, rather than the cloud service provider (CSP), controls the encryption keys and therefore the data.
Full Key Lifecycle Management
Fortanix delivers full key lifecycle management such as generation, rotation, expiration, and deactivation to ensure secure and consistent key management across on-premises and multicloud environments.
Automated Key Operations
Automate and simplify your key management operations with automatic key rotation, one click rotation across regions and clouds, key expiration and automatic alerting of key state changes.
Encryption as-a-Service
Enable real security with encryption
Always protect and encrypt data in rest, in motion and in use, across the entire data lifecycle and across all clouds, databases and SaaS services from a single unified solution.
Complete Privacy
End-to-end security for keys and data (at-rest, in-transit, and in-use) protected with layers of defense including Fortanix Runtime Encryption®, Intel® SGX and FIPS-validated hardware; Only authorized users can access keys.
Power Of Intel SGX
Using Intel® SGX allows organizations to isolate the software and data from the underlying infrastructure (hardware or OS) by means of hardware-level encryption.

Watch the Webinar:
Keeping Private Data Private in the Public Cloud: A Data Security Toolkit
Hardware Security Module
Simple, more flexible, and equally secure solution alternative to traditional HSMs
FIPS 140-2 Level 3 certified HSM to store encryption keys and cryptographic operations are securely executed within the module.

FIPS 140-2 Level 3 Certified
Service is FIPS 140-2 Level 3 certified and is supplemented by the power of Intel SGX to protect data in use.
Remote Management With Geographic Scalability
100% remotely managed, the service is geographically scalable to meet the rising demands of key management.

Watch the Webinar:
HSM-as-a-Service-Innovate Before It’s Too Late
Tokenization
Rest API-driven cloud ready tokenization
Tokenization substitutes tokens for sensitive data using REST APIs to achieve privacy compliance.
Vaultless Tokenization
Tokenization service uses a FIPS 140-2 Level 3 compliant HSM to tokenize data. There is no centralized token database required.
Advanced Data Masking
Dynamically mask an entire field or part of tokenized data.
Tokenize Custom Object Or Data Types
User can tokenize any custom objects to protect any kind of data other than a credit card or SSN. Depending on the type of data the users want to protect, create security objects belonging to the tokenized data types.
Download Datasheet:
Fortanix Tokenization

Secrets Management
Natively manage secrets
Fortanix offers a secure secrets management solution that can manage secrets natively in the cloud and on-premises, providing extensive RESTful APIs through open standards such as OAuth, OpenID (SAML), LDAP, JWT, and PKI.
Store Outside The Source Code
Sensitive data and credentials can be stored outside the source code in FIPS 140-2 level 3 certified HSM.

Supports Kubernetes
The secrets don’t need to be exposed while building or deploying the application. Rather, the utility can monitor the environment in real-time and inject secrets at runtime when they are required.
Strong Segregation
Fortanix offers role-based access control (RBAC) for users, applications, and groups with segregation of duties. This gives more visibility into who is reading secrets on the client side.
JSON Web Tokens
Supports JWT authentication to further secure and trust requests, collecting and managing secrets.
Connect To Any DevOps Environment
Easily customizable plugins allow you extend functionality and connect to any DevOps environment.
Read the Blog:
Keeping your app’s secrets secret
Database Encryption
Encrypt data at rest
DSM SaaS provides an integrated key management and HSM designed to support database encryption across multiple datacenter sites, public cloud, and database vendors.
Broad Database Support
Fortanix supports Oracle, SQL Server, MongoDB, PostGres, MySQL, Maria DB, IBM DB2.
Linear Scalability
Fortanix provides linear scalability through multisite clustering to meet any performance needs.
High Availability And Disaster Recovery
DSM SaaS supports both public cloud and on-premises databases from a single solution that has high availability and disaster recovery built-in.

Watch Webinar:
Simplifying security across global databases

Cloud Data Control
Unified cloud data security
Cloud Data Control provides a single, unified solution to manage data security across multiple cloud platforms.
Unified Cloud Key Management
Protect sensitive data across multiple clouds from a single unified solution.
Separate Keys From The Data They Protect
Fortanix Cloud Data Control extends existing cloud-native key management system (KMS) to separate encryption keys from the data being secured, enabling multicloud key management.
Strong Segregation
Fortanix offers role-based access control (RBAC) for users, applications, and groups with segregation of duties. This gives more visibility into who is reading secrets on the client side.

Watch the Webinar:
Multi-Cloud Data Security: Simplifying Key Management, Encryption, Tokenization, and Secrets Across Public, Hybrid and Private Cloud
Integrations
Expand your core functionalities with a scalable integrations ecosystem

State-of-the-art data security
Enterprise grade security to meet your specific use cases and compliance challenges
Transparent Encryption Proxy
Easily encrypt and decrypt data at scale at egress and ingress.
Centralized Policy Management And Controls
Policy management that seamlessly integrates with existing authentication identity providers.
Role-Based Access Control (RBAC)
Role-based access control (RBAC) for users, applications, and groups with segregation of duties.
Tamper Proof Audit Logs
Comprehensive tamper-proof audit logs to track all activity, including administration, authentication, access, and key operations.
Centralized Management
Centralized, intuitive web-based user interface for management.
Secure Business Logic
Securely run sensitive business logic inside trusted boundary with Runtime Encryption plugins. Easily create or customize cryptography logic for your unique business or security requirements.
Application-Friendly Interfaces
Support for RESTful APIs, PKCS#11, KMIP, JCE , Microsoft CAPI, and Microsoft CNG. Easily support all existing and new applications, whether operating in public, private, or hybrid cloud.