Fortanix Key Management
Problem
The volume of data stored on the public cloud is growing exponentially. With this growth, the challenges of data security, regulatory compliance and the risk of data breaches grow. Cloud-native encryption relies on the cloud platform provider to secure data. Under this approach, cloud providers generate and own the data encryption keys directly to encrypt the data-at rest in cloud. With this approach, customers do not get control over the cloud keys.
Solution Overview
Unlike cloud native solutions, Fortanix allows businesses to retain control and management of encryption keys with centralized management, consistent access control policy and centralized audit logs. Fortanix also offers Bring your own key management service (BYOKMS) allowing customers to store cloud keys externally within own datacenters thereby help meet the most stringent compliance requirements. Flexible deployment options with Software, SaaS and FIPS 140-2 level 3 HSM appliance.
Solution Benefits
Centrally Manage Your Encryption Keys
Fortanix Data Security Manager provides control of and visibility into your key management operations using a cen- tralized web-based UI with enterprise level access controls and single sign-on support. Securely generate, store, and use crypto keys, certificates, secrets, passwords, API Keys, tokens etc.
Single Solution for Multi-Cloud
Fortanix Data Security Manager enables you to make a secure transition to multi cloud. With HSM grade security, FIPS 140-2 level 3 protection for all keys, organizations can adopt BYOK, meet cloud security, compliance requirements and resist cloud provider lock-in.
External Key Manager
Fortanix has partnered with GCP to create Google Cloud External Key Manager (EKM), to enable customers to bring their own key management system and manage keys externally on customers datacenters.
DevOps and Cloud Friendly APIs
Fortanix Data Security Manager supports extensive RESTful APIs, PKCS#11, KMIP, JCE, Microsoft CAPI, and Microsoft CNG. Easily support all existing and new applications, whether operating in public, private, or hybrid cloud.
Solution Highlights
Simplified KMS Policy Management
Apply consistent key management policies across multiple cloud providers, tenants and regions.
Cloud Encryption Key Disaster Recovery
Back up, restore, and re-import master encryption keys for public cloud KMS.
External Key Management
Key Manager extends existing cloud-native KMS to separate encryption keys from the data being secured.
FIPS 140-2 Level 3 Compliant
The solution can also be deployed as a FIPS 140-2 Level 3 HSM.
Flexible Deployment Options
Solution is available as a software, SaaS, and hardware appliance.
Consolidated Audit Logging
Secure, comprehensive audit logs to help meet compliance.
How it Works
Control Keys to the Cloud
Fortanix delivers full key lifecycle management as a service to ensure secure and consistent key management across multi cloud environments, including bring your own key (BYOK) and bring your own key management service (BYOKMS). Fortanix lets organizations pick the right level of control depending upon business use case and required security posture.
Bring Your Own Key (BYOK)
- Upload master keys
- API to manage keys
- Cloud-based access control
Bring Your Own KMS (BYOKMS)
- Maintain control of keys
- API to encrypt/decrypt
- Granular RBAC and logging
