According to Gartner, 81 percent of businesses are adopting a hybrid cloud and multicloud strategy. The challenges of protecting data and using encryption across public/private cloud, SaaS, and on-premises environments increase complexity, cost and security risk.
The Quest for Security, Agility, and Control of Containerized Workloads. In this blog, we will discuss how developers can make application containers confidential with Fortanix and deploy these containers within the Microsoft AKS platform.
DevOps is fast becoming the standard approach for building software and speeding up application delivery. The recent Oracle-KPMG Threat report 2020 highlights the broad adoption of DevOps across a wide spectrum of enterprises, with nearly two-thirds of respondents already employing DevOps or planning to do so over the next 12-24 months.
According to the Confidential Computing Consortium: “Confidential computing is the protection of data in use using hardware-based Trusted Execution Environments (TEE). A Trusted Execution Environment is commonly defined as an environment that provides a level of assurance of data integrity, data confidentiality, and code integrity.
Nearly 90% of all internet traffic is encrypted with TLS. F5 solutions including BIG-IP and NGINX provide SSL orchestration using TLS encryption, which requires a hardware security module (HSM) and key management system (KMS) to execute and protect the cryptographic operations and keys.
Just like in life, trust is a critical factor in cloud computing. Throughout my journey developing SaaS-based products, one question I have constantly heard from potential clients is “Where is the data stored?” and “Can I limit your employees' access to our sensitive data?”
Zero trust architecture promises to solve many of today’s challenges in information security. Here, we look at what “zero trust” means, the role of cryptography in implementing a zero trust architecture, and the importance of key management. We also detail how confidential computing enables zero trust to be taken to the next level.
Organizations are embracing the power of Function-as-a-Service (FaaS). FaaS can be viewed as a very positive and beneficial result of years of data successfully migrating to and operating in public clouds. AWS Lambda, Azure Functions and Google Cloud are today’s market-leading platforms for enterprises to realize the power and benefits of FaaS.
Nearly all enterprises have made a significant investment in VMware infrastructure and now want to embrace migrating those workloads to hybrid and public clouds such as Google Cloud. Google Cloud VMware Engine is the only service that allows you to consume dedicated VMware Cloud environments on Google Cloud.
Today, we are excited to extend the benefits of Fortanix Confidential Computing Manager to developers who have been using Fortanix EDP to build secure enclaves. EDP is now natively integrated with Confidential Computing Manager, and developers can simply add their EDP apps to be managed and orchestrated by Confidential Computing Manager along with other EDP or Enclave OS apps.
Since announcing the integration in November 2019, we have been working with many large enterprises to incorporate this new service and we have learned a lot during the process. In this blog, we explain some of the common requirements large enterprises have for implementing external key management and describe how Fortanix Self-Defending KMS meets those requirements.
Development and deployment of container-based software has become a popular movement in technology. Docker, and container technology in general, has redefined cloud computing and offers significant benefits to developers and companies, including efficiency, cost savings, consistency, reliability, and scalability for the entire DevOps process.
The software development process has vastly changed in this past decade. Thanks to the relentless efforts of the cloud and virtualization technology providers, we now have nearly limitless compute and storage resources at our fingertips. One may think of this as the first wave of automation within the application development and deployment process.
When it comes to digital business transformation, it’s all about the data. The digital economy is built on the foundation of digital trust. Digital trust relies on protecting sensitive data across its entire lifecycle. According to IDC, by 2025, more than half of all data will be running in the public cloud.
HSMs were introduced, enabling commercial encryption and large-scale data protection for the first time. Guess what -- you’re still using them today and they haven’t changed that much. HSMs play an important role in safeguarding encryption keys, but they are expensive, complex to manage and not ready to support public cloud.
In this blog we will discuss the challenges and benefits of using the TensorFlow (TF) library to deploy machine learning (ML) models on the Fortanix Confidential Computing Platform™, followed by simple step-by-step instructions to get you started.
In just a handful of years, the use of cloud computing has transitioned from being a leading-edge strategy to a standard business practice. The efficiency, agility and reduced overheads created by cloud-based services are swiftly becoming essential if an organisation is to remain profitable and competitive.
The benefits of operational efficiency and flexibility delivered by public cloud resources have encouraged today’s organizations to migrate applications and data to external computing platforms located outside the perceived security of on-premises infrastructures.
Intel® Software Guard Extensions (Intel® SGX) technology provides a trusted execution environment (specifically, a secure “enclave”) for applications to operate in, securing the confidentiality and integrity of both the application and its data while the application is running.
On November 20th, Fortanix announced integration between the Fortanix Self-Defending KMS and the Google Cloud External Key Manager (Cloud EKM) service in the session "Bringing You More Control: New Services for Data Security and Transparency", featuring a demonstration by joint customer PayPal.
Early this morning, GCP became the first major cloud provider to give its customers the controls needed to protect their data, even when using native cloud services such as BigQuery. Google unveiled "External KMS" working with Fortanix and PayPal at Next'19 in London.
Today, Fortanix introduced a new feature in the Fortanix Self-Defending KMS to support integration with Google Cloud’s External Key Manager service, which was announced today at the Google Cloud Next UK conference.
Fortanix Self-Defending KMS is a unified cryptography and key management solution which offers HSM-grade security with software-like scalability, flexibility, and effectiveness. Fortanix has implemented a deterministic HD wallet as a Fortanix Self-Defending KMS plugin which uses the Fortanix Self-Defending KMS native cryptography library.
You’ve probably heard the phrases "The world runs on software" and "Software is eating the world", which date back to 2010 and 2011 respectively. If it was true back then, it is even more true today. We cannot imagine a world without computers, mobile phones or the Internet. Software is also increasingly prevalent in industrial robots, cars, airplanes, televisions and a plethora of IoT devices around the home.
Container-based software development and deployment has become the next big thing in technology. Container technology, especially Docker, is redefining cloud computing and offers tremendous benefits to companies and developers, including consistency, reliability, efficiency, cost savings, and scalability for the entire DevOps process.
True to its name, Confidential Computing remained, well – confidential – for a rather long time. Until today, with the public announcement of the Linux Foundation Confidential Computing Consortium.
Cloud applications have put trust in the correctness and security of the code and the cloud infrastructure to ensure their confidentiality and integrity. But what if the infrastructure itself is compromised, or a hidden backdoor in the OS/hypervisor could compromise the application's security or end up controlling its state? So, what is the solution?
This year the RSA Conference is happening March 4th-8th in San Francisco. And, this year’s theme is simply 'Better'. Our young company, Fortanix, will have our first booth, #4518, and we look forward to talking to real Security pros about protecting keys and data regardless of where applications are deployed.
Since our announcement last year on developing our open source Rust SDK, hundreds of developers have shown interest in this platform. Today, we are excited to announce the launch of Fortanix Enclave Development Platform (EDP). Fortanix Enclave Development Platform (EDP) is the preferred way to write Intel SGX enclaves from scratch.
In this blog we will describe common application threats and how Fortanix Runtime Encryption® protects application assets from these threats on untrusted platforms including public cloud. We will use a 3-tiered application as an example with Nginx as the front-end load balancer tier, Python Flask as the application server tier and MariaDB as the data tier.
The Big Hack demonstrates that cyber warfare has moved from the realm of software to the realm of hardware. Software-based security measures, such as anti-malware, firewalls, user behavior analysis, network flow analysis, etc., are ineffective in the face of such sophisticated attacks.
Today, we are excited to announce that Fortanix Self-Defending KMS has achieved VMware Ready status for vSphere and vSAN. The joint VMware and Fortanix Self-Defending KMS solution offers scalable data protection and compliance for software-defined data center and cloud environments.
The Fortanix team had a great RSA 2018 Conference. Starting with winning second place in the Innovation Sandbox Contest and continuing over the next few days at the Intel booth and Equinix booth, the Fortanix team had great discussions with hundreds of security architects, executives, and partners.
In conversations with customers, we find a strong demand to be able to run sensitive application logic and custom cryptographic schemes inside an HSM-grade trust boundary. To address this demand, Fortanix developed a Runtime Encryption® Plugin capability for Fortanix Self-Defending KMS™ and Equinix SmartKey™, powered by Fortanix.
Because of historical reasons and technological barriers, traditional HSM and key management were not, and still cannot be, delivered as a managed service. But what if they could be delivered as a secure, easy and simple-to-consume managed service?
While encryption remains an effective data protection control, it is increasingly difficult to use to protect databases given rapid data growth, clustering of databases, and distribution of databases across geographies and clouds.
At Fortanix we are building a new class of solutions called Runtime Encryption, leveraging Intel® SGX, to protect applications and data in use. We often receive inquiries about the impact of side channel attacks on Intel® SGX and Fortanix solutions.
When it comes to the adoption of hybrid or multi-cloud IT, we find in our customer conversations that it's not a question of whether to adopt but rather at what stage of maturity to adopt. To ensure that transition is secure, most customers are rethinking data protection, encryption, and key management controls.
One of the challenges to implementing data at rest encryption is the need for robust key management. Solutions dealing with sensitive or high-value data require the use of a hardware security module (HSM).