In this blog we will describe common application threats and how Fortanix Runtime Encryption® protects application assets from these threats on untrusted platforms including public cloud. We will use a 3-tiered application as an example with Nginx as the front-end load balancer tier, Python Flask as the application server tier and MariaDB as the data tier.
Fortanix is delighted to partner with Alibaba Cloud. We have seen multiple customers reach out to us about the best practices for securing their sensitive digital assets while operating overseas. Intel® SGX offers an incredible level of security by removing the cloud provider and infrastructure entirely from the trust boundary. Alibaba Cloud launched commercial Intel® SGX cloud servers as ECS bare metal instances in April 2018.
The Big Hack demonstrates that cyber warfare has moved from the realm of software to the realm of hardware. Software-based security measures, such as anti-malware, firewalls, user behavior analysis, and network flow analysis, are ineffective in the face of such sophisticated attacks.
Today, we are excited to announce that Fortanix Self-Defending Key Management Service (SDKMS) has achieved VMware Ready status for vSphere and vSAN. The joint VMware and Fortanix SDKMS solution offers scalable data protection and compliance for software-defined data center and cloud environments.
The Fortanix team had a great RSA 2018 Conference. Starting with winning second place in the Innovation Sandbox Contest, and over the next few days at the Intel booth and Equinix booth, the Fortanix team had great discussions with hundreds of security architects, executives, and partners.
In conversations with customers, we find a strong demand to be able to run sensitive application logic and custom cryptographic schemes inside an HSM-grade trust boundary. To address this demand, Fortanix developed a Runtime Encryption® Plugin capability for Fortanix Self-Defending Key Management Service™ (SDKMS) and Equinix SmartKey™, powered by Fortanix.
For historical reasons and because of technological barriers, traditional HSM and key management were not, and still cannot be, delivered as a managed service. But what if they could be delivered as a secure, easy, and simple-to-consume managed service?
While encryption remains an effective data protection control, it is increasingly difficult to use to protect databases given rapid data growth, clustering of databases, and distribution of databases across geographies and clouds.
At Fortanix we are building a new class of solutions called Runtime Encryption, leveraging Intel® SGX, to protect applications and data in use. We often receive inquiries about the impact of side channel attacks on Intel® SGX and Fortanix solutions.
When it comes to the adoption of hybrid or multi-cloud IT, we find in our customer conversations that it's not a question of whether to adopt but rather at what stage of maturity to adopt. To ensure that transition is secure, most customers are rethinking data protection, encryption, and key management controls.
One of the challenges to implementing data-at-rest encryption is the need for robust key management. Solutions dealing with sensitive or high-value data require the use of a hardware security module (HSM).