Overview
In the age of global digital transformation, the application ecosystem has become more fragmented than ever before. Microservices, Kubernetes, cloud-native applications, IoT, mobile, etc. have made applications not only transient, but also heterogeneous in terms of the languages they are written in and the platforms they run on. Of course, regardless of the technology or platform these applications belong to, if they need to comply with PCI-DSS, GDPR, CCPA and other data protection regulations, then the data they generate must be encrypted.
Transparent Encryption encrypts/decrypts over the network as data flows between apps. Confidential data generated by an application can be automatically encrypted over the wire before it reaches any other apps. Applications that need access to confidential data only receive the data for which that app has permission. Data access policies are centrally managed, securely stored and locally enforced.
Fortanix Solution for transparent encryption of application data
Fortanix offers a modern, application-agnostic solution that enables businesses to transparently encrypt data in real time, in flight, with high throughput. The Fortanix solution for Transparent Encryption is an add-on capability that runs inside Fortanix Data Security Manager (DSM) and makes it possible to transparently encrypt and decrypt, at scale, the data generated by applications without requiring any code changes.
What the Fortanix solution for Transparent Encryption (TEP) does
Dynamically encrypt/decrypt the data.
The Fortanix solution for Transparent Encryption (TEP) allows applications to encrypt/decrypt data dynamically by ingesting data in any form (binary files, strings, Excel, JSON, Word, etc.).
Implemented as an NGINX plugin.
A SaaS or on-premises application requests encrypt/decrypt operations via an API call to the TEP, which is based on NGINX. TEP's design preserves the underlying NGINX capabilities.
Secure inside the Fortanix Data Security Manager.
Identification and de-identification of data happens securely inside Fortanix Data Security Manager.
Supports role-based access controls.
TEP supports role-based access control of users within Data Security Manager and Data Security Manager can be integrated with Active Directory or SSO.
Centrally manage application data.
Fortanix Data Security Manager provides centralized management of the applications to integrate with and of the fields to monitor, with automated provisioning of the configuration to TEP.
Selective encryption.
Only the data type that is described in the data classification schema will be encrypted securely inside the DSM.
Benefits
Secure data on the fly and without application code changes
The Fortanix Transparent Encryption Proxy solution empowers customers to protect their business-sensitive data dynamically and transparently, on the fly, in a highly scalable manner with zero application code changes.
High emphasis on security
All crypto operations happen inside the secure enclave Fortanix Data Security Manager (DSM).
Restricted access to data
Each request to encrypt/decrypt data can be further restricted via highly granular role-based access control and/or IP whitelisting and/or highly customizable crypto policies.