Fortanix Data Security Manager (DSM) Overview
Fortanix offers a modern, application- and cloud-agnostic solution that enables businesses to transparently encrypt data in real time, in flight, and with high throughput. Here is a brief overview of the Transparent Encryption Proxy (TEP) solution.
- Allows applications to encrypt/decrypt data dynamically by ingesting data in any form (binary files, strings, Excel, JSON, Word, etc.).
- Identification and de-identification of data happens securely inside Fortanix Data Security Manager (DSM).
- Every application requesting de-identification of data either sends a schema along with the API call or configures or stores a schema in DSM beforehand. The de-identification schema calls out all the data types that need to be de-identified.
- The Transparent Encryption Proxy (TEP) knows internally how to parse the input files, identify the strings in a file that map to one or more of these data types, and de-identify those strings using Format Preserving Encryption (FPE). Applications can share the same de-identification schema or each use a unique one.
High Level Architectural Steps
- A SaaS or on-premises application requests encrypt/decrypt operations via an API call to the TEP. The TEP is based on NGINX, and its design preserves the underlying NGINX capabilities.
- All encrypt/decrypt operations are performed by DSM at the request of the TEP (refer to the diagram below).
- TEP unzips the file if needed, decodes it, and identifies the fields / data to be de-identified per the schema; only those fields are sent to DSM for encryption.
- TEP will request decryption operations from DSM without requiring a schema. Again, only fields / data to be decrypted will be sent to DSM for decryption.
- TEP supports role-based access control of users in DSM and DSM can be integrated with Active Directory or SSO.
- Fortanix DSM provides centralized management of the applications to integrate with and of the fields to monitor, with automated provisioning of that configuration to TEP.
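
The schema-driven flow described above (the proxy parses the input, picks out the fields the schema names, and sends only those for format-preserving encryption) can be sketched as follows. This is an added example, not Fortanix code or the TEP/DSM API: the schema shape, field names, key, sample record and function names are all assumptions, and the Feistel routine is a toy stand-in for a standardized FPE mode such as NIST FF1.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"    # constructed; on the page, keys stay inside DSM
SCHEMA = {"ssn", "card_number"}  # hypothetical schema: field names to de-identify
DIGITS, ROUNDS = "0123456789", 10
SAMPLE = {"name": "Alice Example", "ssn": "123-45-6789",  # constructed record
          "payments": [{"card_number": "4111 1111 1111 1111", "amount": 42}]}

def _prf(key, rnd, half, width):
    """Keyed round function: HMAC-SHA256 reduced to `width` decimal digits."""
    mac = hmac.new(key, f"{rnd}:{width}:{half}".encode(), hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % 10 ** width

def fpe_digits(key, digits, decrypt=False):
    """Toy Feistel permutation on a decimal string (stand-in, NOT NIST FF1)."""
    if len(digits) < 6:
        raise ValueError("domain too small to de-identify safely")
    u = len(digits) // 2
    v = len(digits) - u
    a, b = digits[:u], digits[u:]
    for rnd in (reversed(range(ROUNDS)) if decrypt else range(ROUNDS)):
        m = u if rnd % 2 == 0 else v  # width of the half rewritten this round
        if decrypt:
            a, b = f"{(int(b) - _prf(key, rnd, a, m)) % 10 ** m:0{m}d}", a
        else:
            a, b = b, f"{(int(a) + _prf(key, rnd, b, m)) % 10 ** m:0{m}d}"
    return a + b

def transform(value, decrypt=False, key=KEY):
    """Stand-in for the DSM call: digits are permuted, separators stay put."""
    out = iter(fpe_digits(key, "".join(c for c in value if c in DIGITS), decrypt))
    return "".join(next(out) if c in DIGITS else c for c in value)

def deidentify(node, schema, dsm=transform, sent=None, path=""):
    """Walk parsed JSON; hand only schema-listed string fields to `dsm`."""
    sent = [] if sent is None else sent
    if isinstance(node, dict):
        out = {}
        for k, val in node.items():
            if k in schema and isinstance(val, str):
                sent.append(f"{path}/{k}")      # record what left the proxy
                out[k] = dsm(val)
            else:
                out[k] = deidentify(val, schema, dsm, sent, f"{path}/{k}")[0]
        return out, sent
    if isinstance(node, list):
        items = [deidentify(x, schema, dsm, sent, f"{path}/{i}")[0] for i, x in enumerate(node)]
        return items, sent
    return node, sent
```

Calling `deidentify(SAMPLE, SCHEMA)` returns the rewritten record together with the list of field paths that were handed to the encryption stand-in, which is the audit point for confirming that unlisted fields never leave the proxy.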