Data Security Manager

Transparent Encryption Proxy

Secure sensitive business data without any code changes

What you get:

  • Transparently encrypt/decrypt application data in transit without modifying application code.
  • Application-agnostic, scalable solution that intercepts and encrypts data on the fly.
  • Add-on capability to the Fortanix Data Security Manager suite.

Overview

In the age of global digital transformation, the application ecosystem has become more fragmented than ever before. Microservices, Kubernetes, cloud-native applications, IoT, mobile, etc. have made applications not only transient, but also heterogeneous in terms of the languages they are written in and the platforms they run on. Of course, regardless of the technology or platform these applications belong to, if they need to comply with PCI-DSS, GDPR, CCPA and other data protection regulations, then the data they generate must be encrypted.

Transparent Encryption encrypts/decrypts data over the network as it flows between apps. Confidential data generated by an application can be automatically encrypted over the wire before it reaches any other apps. Applications that need access to confidential data only receive the data for which that app has permission. Data access policies are centrally managed, securely stored and locally enforced.

Fortanix Solution for transparent encryption of application data

Fortanix offers a modern, application-agnostic solution that enables businesses to transparently encrypt data in real time, in flight, with high throughput. The Fortanix solution for Transparent Encryption is an add-on capability that runs inside Fortanix Data Security Manager (DSM) and makes it possible to transparently encrypt and decrypt, at scale, the data generated by applications without requiring any code changes.

What the Fortanix solution for Transparent Encryption (TEP) does

Dynamically encrypt/decrypt the data.
The Fortanix solution for Transparent Encryption (TEP) allows applications to encrypt/decrypt data dynamically by ingesting data in any form (binary files, strings, Excel, JSON, Word, etc.).
Implemented as NGINX plugin.
SaaS or any on-premises application will request encrypt/decrypt operations via an API call to the TEP, which is based on NGINX. TEP's design preserves underlying NGINX capabilities.
Secure inside the Fortanix Data Security Manager.
Identification and de-identification of data happen securely inside Fortanix Data Security Manager.
Supports role-based access controls.
TEP supports role-based access control of users within Data Security Manager, and Data Security Manager can be integrated with Active Directory or SSO.
Centrally manage application data.
Fortanix Data Security Manager provides centralized management of the applications to integrate with and of which fields to monitor, with automated provisioning of configuration to TEP.
Selective encryption.
Only the data type that is described in the data classification schema will be encrypted securely inside the DSM.

Benefits

Secure data on the fly and without application code changes

The Fortanix Transparent Encryption Proxy solution empowers customers to dynamically protect their business-sensitive data transparently, on the fly, in a highly scalable manner with zero application code changes.

High emphasis on security

All crypto operations happen inside the secure enclave Fortanix Data Security Manager (DSM).

Restricted access to data

Each request to encrypt/decrypt data can be further restricted via highly granular role-based access control and/or IP whitelisting and/or highly customizable crypto policies.