Google External Key Manager (EKM)

Create, store, and manage your encryption keys outside the cloud with Fortanix Data Security Manager (DSM) and adhere to data privacy regulations such as GDPR and Schrems II



Compliance regulations such as the Schrems II ruling and GDPR require organizations to be able to revoke access to data at any time and to store the encryption keys outside the cloud as additional data protection measures. To comply, an External Key Management system or Bring-Your-Own-Key-Management-System (BYOKMS) approach is critical, and that is precisely why Google has introduced the External Key Manager (EKM) service. With this mechanism, you can protect data at rest by using encryption keys stored and managed by a third-party key management system (KMS) outside the cloud, meet privacy requirements, and ensure enhanced security for your cloud data.

Fortanix Solution

Fortanix integrates with Google Cloud Platform (GCP) External Key Manager service to enable organizations to move the data to the cloud and get the same level of security for keys that they're used to in their own on-prem environments. Encryption keys are always under customer control and stored inside a FIPS 140-2 level 3 certified HSM, away from the cloud. At a click of a button, in real time, enable and disable access to your data from specific instances and locations.


Why Fortanix?

  • The solution can be consumed as a service most suited for cloud migration.
  • Hold the master keys in a FIPS 140-2 level 3 certified HSM; keys are never cached or stored in Google Cloud.
  • Supports all GCP services like BigQuery, Compute Engine, Artifact Registry and more.
  • Disable the keys and prevent data access with Kill switch.
  • Maintain full control and visibility into key creation, location, and distribution of cloud keys.
  • Integrated service supports multiple enterprise key management use cases (database TDE, storage encryption, PKI, etc.)
  • Clustered cloud-native architecture ensures high-availability and disaster recovery.

Fortanix also secures Google Workspace Data

  • Client-level encryption of user data for apps like Google Drive, Docs and Slides.
  • Ensure no user-generated data goes unencrypted over the wire.
  • Just toggle a switch and set up in minutes.
  • Improve data sovereignty and compliance by keeping keys separate from the data.


Enhanced security for your data

The risk from cloud provider insider threats, misconfiguration errors or infrastructure outages can be avoided. Cloud providers are also compelled by institutional agencies to respond to lawful discovery orders, and this is often done without notifying the customers. With greater control over the data, this is preventable.

Complete Control of Keys

The Fortanix solution offers a kill switch, which allows administrators to stop decryption of data at rest in certain GCP services by simply disabling their key in Fortanix. At a click of a button, in real time, enable and disable access to your data from specific instances and locations.

Achieve Compliance

Compliance mandates require organizations to separate keys from the data they protect. Fortanix helps organizations meet compliance by allowing them to manage their own keys and secure them by storing them in FIPS 140-2 Level 3 certified hardware security modules (HSMs). Keys can also be held within regional or national boundaries as per the customer’s compliance mandates.

Centralized tamper-proof audit trail

Fortanix provides a single, simple, and centralized encryption platform that accelerates moving applications to the public cloud, while providing a single set of cryptographic services for on-premises, hybrid, and cloud workloads. Organizations can centrally implement encryption and security capabilities such as quorum approvals, key rotation, auditing, and logging.
Paypal Logo
When you move to the cloud, you lose that control...
So the Fortanix solution brings an ability to control the keys externally. You can turn the keys off, turn them on – they are totally under your control. The other advantage is with PayPal’s requirements is it actually enables new business use cases to go to the cloud.