Bring Your Own Key (BYOK), Hold Your Own Key (HYOK)

Maximize control over your cloud data and keys and meet the most stringent privacy regulations with Bring Your Own Key (BYOK) /Hold Your Own Key (HYOK)

start your free trial request a demo

Overview

Cloud adoption numbers are only looking upwards.
“Gartner forecasts end-user spending on public cloud services to reach $396 billion in 2021 and grow 21.7% to reach $482 billion in 2022.”

But cloud platforms are still considered untrustworthy and this lack of confidence in the data protection of public cloud is limiting organizations from moving workloads to the cloud. Given the ongoing surge in cyberattacks and privacy regulations, most organizations are looking for greater control over their cloud data and keys.

Solution

With Fortanix Data Security Manager, bring own keys to cloud applications/workloads, whether it’s on Amazon Web Services (AWS), Google Cloud Platform (GCP), Microsoft Azure or Salesforce. With Bring Your Own Key (BYOK), also known as Hold Your Own Key (HYOK), Fortanix allows customers to bring or import their own master key (CMK), which the cloud provider stores in their key management system (KMS) and encrypts all Data Encryption Keys (DEKs) under that key(s). This gives organizations greater control over their data and meet the most stringent privacy requirements.

Why Bring-Your-Own-Key (BYOK)/Hold-Your-Own-Key (HYOK) approach to securing cloud data

Provides greater control over cloud data and keys as the customer retains control and ownership over the master key material used to decrypt the data encryption keys.

Key can be deleted to stop a data breach and can also be reclaimed by importing it back into the cloud KMS.

Offers greater flexibility as the same keys can be used to secure data across multiple accounts, locations, and regions.

What We Do

BYOK/BYOKMS for Google Cloud Platform (GCP)

Fortanix integrates with Google External Key Manager/BYOKMS capability to generate and store encryption keys outside of Google Cloud (GCP) and within customer datacenters. Customers can achieve an unshared control over their Google Cloud keys and natively encrypted data.

learn more

BYOK/HYOK for Amazon Web Services (AWS)

The Fortanix solution for AWS offers complete automated Bring Your Own Key (BYOK) and lifecycle management for management and automation of native AWS KMS keys (CMK – Customer Master Key) and allows users to manage all keys centrally and securely. 

Learn How AWS BYOK works Download Datasheet

BYOK/HYOK for Microsoft Azure

Fortanix solution for Azure Key Vault (AKV) Key Management offers complete Bring Your Own Key (BYOK) and lifecycle management for management and automation of Azure keys and allows users to manage all keys centrally and securely. Organizations can easily protect information in Azure cloud.

learn more

BYOK/HYOK for Salesforce

Fortanix DSM can be used as HSM backed Software-as-a-service (SAAS) for Fortanix - Salesforce Cache-Only BYOK solution.

Learn More

Benefits

Get full control over keys.

Customers can bring or import a master key which the cloud provider stores within its KMS. This allows customers to retain ownership of the master key material and have greater control over the data stored in the cloud.

Ensure compliance

Additional security components with built-in encryption, key management, and tokenization that can be managed from a single integrated platform.

Stop data breaches with kill switch

Solution provides a central kill switch and a fully managed disaster recovery for all your keys. Key material can be deleted from Fortanix to make a cloud key in "Pending Import" state and stop data breaches. Key material can also be reclaimed by importing it back into the cloud KMS.

Secure data across locations and regions

Offers greater flexibility as the same keys can be used to secure data across multiple accounts, locations, and regions.

Manage multicloud keys from a single pane

Fortanix allows you to manage and control multicloud keys in a completely cloud agnostic way. Organizations can keep full custody of their keys in a FIPS 140-2 level 3 certified HSM.