Oracle Cloud Infrastructure (OCI) delivers a consistent portfolio of cloud services across global regions, purpose-built for performance, security, and scalability that enterprise workloads demand. Yet for organizations operating under strict data sovereignty requirements or regulatory frameworks, the ability to manage and keep encryption keys outside of Oracle’s control is not optional. For regulated industries and government entities, maintaining exclusive custody of cryptographic material while adopting OCI’s capabilities is a legal and operational imperative.
The Fortanix Solution
Fortanix Data Security Manager (DSM) is a next-generation Hardware Security Module (HSM) with built-in Key Management that offers native support for OCI Vault, enabling enterprises to Bring Your Own Key (BYOK) and Hold Your Own Key (HYOK) and giving them full control and ownership of their encryption keys. With Fortanix DSM, a FIPS 140 Level 3 HSM, keys are stored securely and separately from OCI infrastructure. Together, BYOK and HYOK provide the cryptographic foundation for a true Sovereign Cloud strategy, where no cloud provider, including Oracle, can access protected data.
Fortanix is as available as a SaaS offering, thus providing local presence within sovereign regions, while on-premises deployments and local sovereign MSSPs enable more granular localization of key use supporting OCI public cloud, OCI EU Sovereign Cloud, and isolated or air-gapped government regions that require the highest levels of data residency control.

Benefits

Full Key Control with BYOK and HYOK
Generate and exclusively control encryption keys outside of Oracle infrastructure for full cryptographic ownership.

Sovereign Cloud Readiness
Enforce data residency and access policies with cryptographic assurance, ensuring neither Oracle nor any third party can access protected data.

Seamless OCI Integration
Fortanix DSM natively plugs into OCI Vault, delivering a highly available, performant integration that fits seamlessly into existing OCI environments.

Immediate Access Blocking
Instantly revoke access to all protected data-at-rest across any OCI region or service with just a few clicks for a decisive kill switch.

One Centralized Platform for All Your Keys
Manage encryption keys across OCI, other cloud environments, and on-premises infrastructure from a single operational view, with full custody maintained in a FIPS 140 Level 3 certified HSM.

Centralized Audit and Access Control
Apply granular access controls and quorum approval workflows across all key operations, backed by centralized audit logs that satisfy regulatory and forensic requirements.
Key Use Cases

Financial Services
Meet PCI DSS, DORA, and regional banking regulations that require customer-managed keys

Healthcare
Comply with HIPAA, GDPR, and national health data laws with HYOK for patient data

Government
Ensure Sovereign Cloud deployments and control over data access

Global Enterprises
Centrally manage the full lifecycle of encryption keys across all OCI regions



