Fortanix Data Security Manager for VMware Sovereign Cloud
The joint VMware and Fortanix solution offer scalable data protection and compliance for VMware Sovereign cloud environments.
Market need
VMWare Sovereign clouds offer continuous protection and secure accessibility controls to enable new values and opportunities data protection. Protect and control confidential or restricted data with the data residency and data sovereignty that a sovereign cloud provides, ensuring compliance with changing data privacy laws using a trusted cloud that supports a nation’s digital economy. Virtual environments running VMware can readily leverage vSphere VM Encryption or vSAN encryption to protect VMs and data-at-rest. However, enterprise key management that is both secure and adaptable to a dynamic software-defined infrastructure remains a challenge. Traditional HSMs require proprietary hardware and are inflexible for a software-defined data center. Software-only key managers on the other hand do not offer the protection of HSMs.
Solution Overview
The joint VMware and Fortanix solution offer scalable data protection and compliance for VMware Sovereign cloud environments. Fortanix Data Security Manager (DSM), is a unified HSM and Key Management solution that easily integrates via KMIP for VMware vSAN and vSphere VM encryption, enabling sovereign cloud customers to bring and manage their own keys. Fortanix DSM makes it possible for VMware Sovereign cloud providers to deliver Data Protection and compliance to the end customers (tenants). Secured with Intel® SGX, Fortanix DSM delivers HSM security with software defined simplicity, and a cloud scale architecture.
Fortanix DSM with built-in multi-tenancy, when integrated together with VMware Sovereign cloud, enables service provider partners the ability to offer Bring Your Own Key (BYOK) for VM encryption and vSAN Encryption, FIPS 140-2 Level 3 HSM protection, key management, tokenization, and secrets management through a single platform, hosted within the VMware Sovereign Cloud boundary.
Joint Use Cases
Bring your own key for VM and vSAN encryption
Fortanix Data security provides VMware users an option to bring their own keys to encrypt VMs/vSAN and other encryption use cases
Complete Key lifecycle Management
Fortanix delivers full key lifecycle management as a service to ensure secure and consistent key management across on-premises and multicloud environments, including bring your own key (BYOK) and bring your own key management service (BYOKMS).
FIPS 140-2 Level 3 HSM backed platform
Customers store the keys in the Fortanix FIPS 140-2 Level 3 certified HSM and cryptographic operations are executed securely within the hardware.
Tokenizing Sensitive Data
Combination of Format Preserving Tokenization (FPE) and role-based access control (RBAC) for application running on VMware Sovereign, helps in protecting sensitive data. With Fortanix, relevant users can get authenticated through RBAC, query the data, and tokenize data on the fly.
Database Encryption
Fortanix integrates with native database encryption to manage and store the cryptographic keys required to encrypt all your databases including Oracle, SQL Server, MongoDB, PostGres, MySQL, Maria DB, IBM DB2 and more on VMware Sovereign cloud.
Secrets Management
Fortanix offers a secure secrets management solution that can manage secrets natively in the cloud and on-premises, providing extensive RESTful APIs through open standards such as OAuth, OpenID (SAML), LDAP, JWT, and PKI.
Deployment – VMware Sovereign cloud Boundary
The VMware Cloud Provider partners can host Fortanix Data Security Manager out of the HSM appliances running in their data centers within the VMware Sovereign cloud boundary. Each VMware Sovereign cloud customer will have a dedicated vCentre where they can configure Fortanix Data Security Manager as an external key manager. The customer will have full control of the keys and the VMware Cloud Provider partner will have zero access/visibility to the keys. The keys never leave the sovereign cloud boundary.
- Only Customers will have access to the keys. Providers have zero visibility.
- Keys will be generated and managed in Customer controlled Fortanix DSM account
- Multi-tenancy- Each customer account is separated from each other
Fortanix DSM for VMware Sovereign Cloud:
Multitenancy Platform with Customer managed keys
3910 Freedom Circle, Suite 104,