Market Need
VMware Sovereign clouds offer continuous protection and secure accessibility controls to enable new value and opportunities in data protection. Protect and control confidential or restricted data with the data residency and data sovereignty that a sovereign cloud provides, ensuring compliance with changing data privacy laws using a trusted cloud that supports a nation’s digital economy. Virtual environments running VMware can readily leverage vSphere VM Encryption or vSAN encryption to protect VMs and data-at-rest. However, enterprise key management that is both secure and adaptable to a dynamic software-defined infrastructure remains a challenge. Traditional HSMs require proprietary hardware and are inflexible for a software-defined data center. Software-only key managers, on the other hand, do not offer the protection of HSMs.
Solution Overview
The joint VMware and Fortanix solution offers scalable data protection and compliance for VMware Sovereign cloud environments. Fortanix Data Security Manager (DSM) is a unified HSM and key management solution that easily integrates via KMIP for VMware vSAN and vSphere VM encryption, enabling sovereign cloud customers to bring and manage their own keys. Fortanix DSM makes it possible for VMware Sovereign cloud providers to deliver data protection and compliance to the end customers (tenants). Secured with Intel® SGX, Fortanix DSM delivers HSM security with software-defined simplicity and a cloud-scale architecture.
Fortanix DSM with built-in multi-tenancy, when integrated with VMware Sovereign cloud, enables service provider partners to offer Bring Your Own Key (BYOK) for VM encryption and vSAN encryption, FIPS 140-2 Level 3 HSM protection, key management, tokenization, and secrets management through a single platform, hosted within the VMware Sovereign Cloud boundary.
Deployment – VMware Sovereign Cloud Boundary
VMware Cloud Provider partners can host Fortanix Data Security Manager on the HSM appliances running in their data centers within the VMware Sovereign cloud boundary. Each VMware Sovereign cloud customer will have a dedicated vCenter where they can configure Fortanix Data Security Manager as an external key manager. The customer will have full control of the keys, and the VMware Cloud Provider partner will have zero access to or visibility of the keys. The keys never leave the sovereign cloud boundary.
- Only customers will have access to the keys. Providers have zero visibility.
- Keys will be generated and managed in a customer-controlled Fortanix DSM account.
- Multi-tenancy: each customer account is separated from the others.
Fortanix DSM for VMware Sovereign Cloud
Multi-tenancy Platform with Customer Managed Keys

Benefits of Using Fortanix Data Security Manager in VMware Sovereign Clouds
Bring Your Own Key for VM and vSAN Encryption
Fortanix Data Security Manager gives VMware users the option to bring their own keys to encrypt VMs and vSAN, and for other encryption use cases.
FIPS 140-2 Level 3 HSM Backed Platform
Customers store the keys in the Fortanix FIPS 140-2 Level 3 certified HSM and cryptographic operations are executed securely within the hardware.
Complete Key Lifecycle Management
Fortanix delivers full key lifecycle management as a service to ensure secure and consistent key management across on-premises and multi-cloud environments, including bring your own key (BYOK) and bring your own key management service (BYOKMS).
Tokenizing Sensitive Data
The combination of Format Preserving Tokenization (FPE) and role-based access control (RBAC) for applications running on VMware Sovereign cloud helps protect sensitive data. With Fortanix, relevant users can be authenticated through RBAC, query the data, and tokenize data on the fly.
Database Encryption
Fortanix integrates with native database encryption to manage and store the cryptographic keys required to encrypt all your databases, including Oracle, SQL Server, MongoDB, PostgreSQL, MySQL, MariaDB, IBM DB2 and more, on VMware Sovereign cloud.
Secrets Management
Fortanix offers a secure secrets management solution that can manage secrets natively in the cloud and on-premises, providing extensive RESTful APIs through open standards such as OAuth, OpenID (SAML), LDAP, JWT, and PKI.
Quick Time to Value
5 Minutes for implementation versus 2-3 weeks with other HSM services.
Greater Control Over the Keys
Control the keys externally, turn the keys off, turn them on when required and get control over data.
Own Your Data and Keys
Using Fortanix DSM, VM encryption keys are managed and owned by the customers.
Strict Access Control and Quorum Approvals Safeguard Data
Segregation of the key management operations based on roles and permissions ensures control over data.
Meet GDPR and Schrems II Regulations
FIPS certified HSM and key management with regional level isolation helps meet specific data privacy regulations.