Blog

Monitoring Intel® SGX Enclaves

Intel® Software Guard Extensions (SGX) enclaves allow users to execute cryptographically signed code in a protected memory region, safe from kernel-mode, or even SMM-mode, access. Code is attested by the CPU, and can then be remotely verified.

Part 2 - Keeping the Keys to Your Kingdom: Google and Fortanix Collaborate to Deliver “BYOKMS”

On November 20th, Fortanix announced integration between the Fortanix Self-Defending Key Management Service (SDKMS) with the Google Cloud External Key Manager (Cloud EKM) service in the session Bringing You More Control: New Services for Data Security and Transparency, featuring a demonstration by joint customer PayPal.

Cloud Security Journey: from Ridiculous to Mainstream to Ridiculous

Early morning today, GCP became the first major cloud provider to give its customers the controls needed to protect their data, even when using the native cloud services such as BigQuery. Google unveiled "External KMS" working with Fortanix and PayPal at Next'19 in London.

Part 1 - Keeping The Keys To Your Kingdom: Google and Fortanix Collaborate to Deliver “BYOKMS”

Today, Fortanix introduced a new feature in the Fortanix Self-Defending Key Management Service (SDKMS) to support integration with the Google Cloud’s External Key Manager service, which was announced today at the Google Cloud Next UK conference.

The Fortanix Opportunity to Reshape Data Protection in Cloud-First World

I recently joined Fortanix as VP of Marketing and wrote this blog to share my thoughts on the business opportunity in front of us.

Blockchain: Offload Security Concerns to Self-Defending Key Management Service ™ (SDKMS)

Fortanix SDKMS is a unified cryptography and key management solution which offers HSM-grade security with software-like scalability, flexibility, and effectiveness. It has a cryptography toolkit, key management, role-based access control, and tamper-proof audit logs. Fortanix has implemented a deterministic HD wallet as an SDKMS plugin which uses the SDKMS native cryptography library.

Why the World is Moving to Hardware-Based Security

You’ve probably heard the phrases "The world runs on software" and "Software is eating the world", which date back to 2010 and 2011 respectively. If it was true back then, it is even more true today. We cannot imagine a world without computers, mobile phones or the Internet. Software is also increasingly prevalent in industrial robots, cars, airplanes, televisions and a plethora of IoT devices around the home.

Trust and Integrity in the Cloud - Manage your secure containers with Fortanix RTE

Container-based software development and deployment has become the next big thing in technology. Container technology, especially Docker, is redefining cloud computing and offers tremendous benefits to companies and developers, including consistency, reliability, efficiency, cost savings, and scalability for the entire DevOps processes.

Confidential Computing: The Early Bird Catches the Worm or, what do you do with Confidential Computing

True to its name, Confidential Computing remained, well – confidential – for a rather long time. Until today, with the public announcement of the Linux Foundation Confidential Computing Consortium.

How to keep your data confidential and mine it too: Private multi-party analytics with Fortanix RTE.

Data-driven decision-making is the norm for businesses of all shapes and sizes, and it is creating a large business opportunity for organizations that are sitting on a massive pile of data.

How Guided User Experience Helps with Easy User Onboarding

User onboarding, simply put is the process of introducing new users to your product. It is a series of interactions or instructions that guides a user to make their product experience easy.

Why are Enclaves Taking Over the Security World

Cloud applications have put trust in the accuracy and security of the code and the cloud infrastructure to ensure their classification and uprightness. But what if, the infrastructure itself is compromised or a hidden gateway in the OS/hypervisor could bargain the application's security or could end up controlling its state. So, what is the solution to it?

In the advent of RSA 2019: How to put the birds back in the cage

As RSA Conference is growing bigger and noisier every year, it’s becoming harder to take a bird’s-eye view of the security space. Still, a few observations can be drawn.

Here comes the RSA 2.0.
Will RSA be 'Better' this year?

This year the RSA Conference is happening March 4th-8th in San Francisco. And, this year’s theme is simply 'Better'. Our young company, Fortanix, will have our first booth, #4518, and we look forward to talking to real Security pros about protecting keys and data regardless of where applications are deployed.

Announcing Fortanix Enclave Development Platform

Since our announcement last year on developing our open source Rust SDK, hundreds of developers have shown interest in this platform. Today, we are excited to announce the launch of Fortanix Enclave Development Platform (EDP). Fortanix Enclave Development Platform (EDP) is the preferred way to write Intel SGX enclaves from scratch.

How to protect your applications on public and private clouds using Fortanix Runtime Encryption®

In this blog we will describe common application threats and how Fortanix Runtime Encryption® protects application assets from these threats on untrusted platforms including public cloud. We will use a 3-tiered application as an example with Nginx as the front-end load balancer tier, Python Flask as the application server tier and MariaDB as the data tier.

Fortanix and IBM Cloud extend cloud security collaboration with new Data Shield powered by Runtime Encryption®

Today, we are taking the next step on our journey to bring Runtime Encryption® to the cloud by announcing the experimental release of IBM Cloud Data Shield.

SDKMS is now available on Alibaba Cloud!

Fortanix is delighted to partner with Alibaba Cloud. We have seen multiple customers reach out to us about the best practices of securing their sensitive digital assets while operating overseas. Intel® SGX offers the incredible level of security by removing the cloud provider and infrastructure entirely from the trust boundary. Alibaba Cloud launched commercial Intel® SGX cloud servers as ECS bare metal instances in April 2018.

Never bring a knife to a gunfight!

The Big Hack demonstrates that the cyber warfare has moved from the realm of the software to the realm of the hardware. Software-based security, such as anti-malware, firewall, user behavior analysis, network flow analysis, etc. are ineffective in the face of such sophisticated attacks.

How to Protect Sensitive Data in Virtual Environments

Today, we are excited to announce that Fortanix Self-Defending Key Management Service (SDKMS) has achieved VMware Ready status for vSphere and vSAN. The joint VMware and Fortanix SDKMS solution offers scalable data protection and compliance for software-defined data center and cloud environments.

HSM Security with Cloud Like Economics

I have spent over a decade helping customers derive value from HSMs (Hardware Security Modules). HSM deliver confidentiality for encryption keys in a physically hardened appliance, protecting against insider and external threats.

Why we chose Intel® SGX to power Runtime Encryption

Various security technologies are currently available from vendors such as AMD, Intel, ARM, and Microsoft. How do you choose which one to use? In this post I'll explain the main reasons Fortanix® chose Intel® SGX.

Findings from Fortanix’s RSA Conference Cloud Security Survey

The Fortanix team had a great RSA 2018 Conference. Starting with winning second place on Innovation Sandbox Contests and over the next few days at the Intel booth and Equinix booth, the Fortanix team had great discussions with hundreds of security architects, executives, and partners.

Beyond the Basics: Protect your code and business logic with Runtime Encryption® Plugins

In conversations with customers, we find a strong demand to be able to run sensitive application logic and custom cryptographic schemes inside an HSM-grade trust boundary. To address this demand, Fortanix developed a Runtime Encryption® Plugin capability for Fortanix Self-Defending Key Management Service™ (SDKMS) and Equinix SmartKey™, powered by Fortanix.

Why can't HSM and key management be provided to you as a managed service? Or can they?..

For historical reasons and technological barriers traditional HSM and key management did not, and still cannot, be delivered as a managed service. But what if they could be delivered as a secure, easy and simple to consume managed service?

Fortanix will be showcasing Runtime Encryption® at IBM Think

We’re very excited about the conference, which will be our first appearance at IBM Think since announcing our collaboration with IBM Cloud and Intel to bolster trust and security in the cloud.

How to protect Oracle and Microsoft SQL Databases using SDKMS with Transparent Data Encryption

While encryption remains an effective data protection control, it is increasingly difficult to use to protect databases given rapid data growth, clustering of databases and distribution of databases across geographies, across clouds.

Upcoming Intel® SGX Features Explained: Improved Virtualization, Configuration Management, and Key Sharing

In an update to the Intel Software Developer's Manual (SDM), Intel detailed upcoming changes to the Intel® SGX instruction set.

5 Things you need to know about Side Channels and Runtime Encryption® with Intel® SGX

At Fortanix we are building a new class of solutions called Runtime Encryption, leveraging Intel® SGX, to protect applications and data in use. We often receive inquiries about the impact of side channel attacks on Intel® SGX and Fortanix solutions.

How to BYOK to the Cloud using Fortanix SDKMS

When it comes to the adoption of hybrid or multi-cloud IT, we find in our customer conversations that it's not a question of whether to adopt but rather at what stage of maturity to adopt. To ensure that transition is secure, most customers are rethinking data protection, encryption, and key management controls.

How to encrypt data at rest on AWS, Azure, and Google Cloud block storage using Fortanix SDKMS

One of the challenges to implementing data at rest encryption is the need for robust key management. Solutions dealing with sensitive or high-value data require the use of a hardware security module (HSM).

How to secure legacy applications using format-preserving encryption and tokenization

When retrofitting security onto legacy applications, dealing with the binary blobs you get from standard encryption techniques can be inconvenient.

Secure by design: Rust and Runtime Encryption

At Fortanix, we are big proponents of deterministic security. Designing in security from the get-go by using secure programming principles is a big part of that.

Meltdown and Spectre vulnerabilities provide important lessons and highlight what’s wrong with the state of security today

Several customers have reached out to Fortanix for feedback on the newly found CPU vulnerabilities.

Fortanix and IBM partner on Runtime Encryption® to bolster Trust in Cloud Computing

Fortanix is pleased to collaborate with IBM to offer an early access of the IBM Cloud Data Guard preview that firmly tips the balance in favor of cloud. IBM Cloud Data Guard offers applications the protection of data in use and is powered by Fortanix’s Runtime Encryption® platform.

Fortanix and Equinix Collaborate to launch Equinix SmartKey™ Beta program

Earlier this year, Fortanix launched a radical new technology based on Intel’s SGX, delivering Runtime Encryption® to protect applications and data in use. Today, we are excited to announce our collaboration with Equinix to launch the Equinix SmartKey™ public beta program, industry’s first HSM-as-a-Service.

On malleability of security software

Apple could have weakened its iPhone security architecture with a simple software update.

Provable defense against cyber breaches: Introducing Fortanix

It’s a big and exciting day for us at Fortanix —  I’m thrilled to announce our series-A financing of over $8M to bring Runtime Encryption™ to enterprises.