Bring Your Own Key (BYOK), Hold Your Own Key (HYOK)

Maximize control over your cloud data and keys and meet the most stringent privacy regulations with Bring Your Own Key (BYOK)/Hold Your Own Key (HYOK).

Overview

Cloud adoption continues to rise.
“Gartner forecasts end-user spending on public cloud services to reach $396 billion in 2021 and grow 21.7% to reach $482 billion in 2022.”

But cloud platforms are still considered untrustworthy, and this lack of confidence in public cloud data protection is keeping organizations from moving workloads to the cloud. Given the ongoing surge in cyberattacks and privacy regulations, most organizations are looking for greater control over their cloud data and keys.
Solution

With Fortanix Data Security Manager, bring your own keys to cloud applications and workloads, whether on Amazon Web Services (AWS), Google Cloud Platform (GCP), Microsoft Azure or Salesforce. With Bring Your Own Key (BYOK), also known as Hold Your Own Key (HYOK), Fortanix allows customers to bring or import their own customer master key (CMK). The cloud provider stores that key in its key management system (KMS) and encrypts all Data Encryption Keys (DEKs) under it. This gives organizations greater control over their data and helps them meet the most stringent privacy requirements.

Why a Bring-Your-Own-Key (BYOK)/Hold-Your-Own-Key (HYOK) approach to securing cloud data

Provides greater control over cloud data and keys as the customer retains control and ownership over the master key material used to decrypt the data encryption keys.
The key can be deleted to stop a data breach and can also be reclaimed by importing it back into the cloud KMS.
Offers greater flexibility as the same keys can be used to secure data across multiple accounts, locations, and regions.

What We Do

BYOK/BYOKMS for Google Cloud Platform (GCP)
Fortanix integrates with the Google External Key Manager/BYOKMS capability to generate and store encryption keys outside of Google Cloud (GCP) and within customer datacenters. Customers can achieve unshared control over their Google Cloud keys and natively encrypted data.
BYOK/HYOK for Amazon Web Services (AWS)
The Fortanix solution for AWS offers complete, automated Bring Your Own Key (BYOK) and lifecycle management of native AWS KMS keys (CMK – Customer Master Key) and allows users to manage all keys centrally and securely.
BYOK/HYOK for Microsoft Azure
The Fortanix solution for Azure Key Vault (AKV) Key Management offers complete Bring Your Own Key (BYOK) and lifecycle management of Azure keys and allows users to manage all keys centrally and securely. Organizations can easily protect information in the Azure cloud.
BYOK/HYOK for Salesforce
Fortanix DSM can be used as an HSM-backed Software-as-a-Service (SaaS) for the Fortanix-Salesforce Cache-Only BYOK solution.

Benefits

Get full control over keys.

Customers can bring or import a master key which the cloud provider stores within its KMS. This allows customers to retain ownership of the master key material and have greater control over the data stored in the cloud.

Ensure compliance

Additional security components with built-in encryption, key management, and tokenization that can be managed from a single integrated platform.

Stop data breaches with kill switch

The solution provides a central kill switch and fully managed disaster recovery for all your keys. Key material can be deleted from Fortanix to put a cloud key into the "Pending Import" state and stop data breaches. Key material can also be reclaimed by importing it back into the cloud KMS.

Secure data across locations and regions

Offers greater flexibility as the same keys can be used to secure data across multiple accounts, locations, and regions.

Manage multicloud keys from a single pane

Fortanix allows you to manage and control multicloud keys in a completely cloud-agnostic way. Organizations can keep full custody of their keys in a FIPS 140-2 Level 3 certified HSM.

Get centralized control and audit of keys

Fortanix enables organizations to centrally control and audit their keys using quorum approvals and audit logs.

Get Started with Fortanix DSM SaaS
