It seems that the whole world is moving to the cloud. Some companies are just taking their first baby steps – lifting and shifting their on-prem workloads into IaaS to save them having to maintain their own data centres and give them more flexibility. Others are re-factoring their workloads to take full advantage of PaaS for greater agility and cost optimization. But nearly all are adopting SaaS as their first choice for off-the-shelf business applications and tooling.
The popularity of SaaS is due to its many compelling benefits:
As more and more sensitive data is migrated to the cloud, it is critical to encrypt or tokenize that data in case it is stolen. While public cloud services provide various native data security offerings, including key management systems (KMS) and hardware security modules (HSMs), these are very limited in capability and are also cloud-specific, making them difficult to manage in a multi-cloud environment. Moreover, the Schrems II ruling in the EU Court of Justice calls into question whether, to be compliant with GDPR, your encryption keys should be entrusted to the same cloud providers that hold your data.
Besides, many companies regard their KMS and HSMs as their “crown jewels”, underpinning the security of their data across multiple environments, and are reluctant to move them out of their own data centers. They may have reasonable concerns about loss of control, limited customization, performance, availability, and security.
How can these concerns be addressed to enable companies to reap the benefits of SaaS for data security?
These are the things you should look out for when selecting a SaaS data security solution:
The problem is finding a solution that ticks all these boxes, which has been an impossible task – until now.
Fortanix Data Security Manager (DSM) SaaS is the world’s first truly scalable, multi-cloud data security service, enabling companies to finally reap the many benefits of a SaaS consumption model.
Fortanix DSM SaaS is a unified data security solution, providing KMS, HSM, secrets management, and tokenization within a single product, managed through a single pane of glass. This provides significant TCO savings, as well as enabling a self-service model for each IT or line-of-business team to manage their own keys without being cryptography experts.
Fortanix DSM SaaS integrates directly with cloud-native KMS and HSM tools, supporting BYOK, BYOKMS, and BYOE for public clouds and third-party SaaS applications, enabling you to manage all your encryption keys from a centralized point with appropriate controls, compliance policies, and audit logs.
Fortanix DSM SaaS supports industry standard cryptographic APIs such as KMIP, PKCS#11, JCE, and CAPI/CNG, as well as providing comprehensive and powerful REST APIs for DevOps and automation, and also bespoke integrations with numerous third-party applications.
Fortanix DSM SaaS is built using our own FIPS 140-2 Level 3 compliant hardware appliances, trusted by banks and Fortune Global 500 enterprises worldwide, and managed in accordance with SOC 2 Type 2 and PCI-DSS. Customer keys and data never leave the selected region (USA, EU, UK, APAC, Australia). We also utilize the latest confidential computing technology to secure customer keys and data, not only at rest and in motion, but also in use – so that attackers (including even malicious admins) are unable to access anything sensitive. Neither Fortanix nor any cloud provider has any access to customer keys or data, even if subpoenaed.
Fortanix DSM SaaS allows you to define your own compliance policies, such as Cryptographic Policies, Quorum Approval Policies, and Key Policies. You can also integrate it with your own enterprise tools, such as SSO, AD, and SIEM. Furthermore, you can write your own “plugin” scripts to implement bespoke integrations, business logic, etc. (or use our library of pre-written plugins) – all running within secure enclaves and inside the FIPS security boundary.
Fortanix DSM SaaS uses an active-active clustering architecture spanning multiple data centres to ensure high availability (with a defined SLA) and provide DR capabilities. Software updates are performed without downtime.
Fortanix DSM SaaS provides seamless scalability. Customers can consume additional keys and bandwidth as required, without worrying about hardware-defined boundaries or limits.
Fortanix DSM SaaS offers high cryptographic throughput, and latency is minimized by having worldwide points of presence and high-speed connectivity into major cloud service providers. For the most performance- or latency-critical applications, the Fortanix DSM Accelerator client can be deployed locally to your workload.