Key Management

Full key lifecycle management across cloud and hybrid

Feature Image

Key Management Service (KMS) provides unified key management and encryption services across multicloud and hybrid infrastructures. KMS is the foundation for the Fortanix Data Security Manager SaaS (DSM SaaS) suite of capabilities. Add tokenization, automated cloud key management, management of legacy HSMs, and other capabilities to create a single comprehensive solution.

External Key Manager

External Key Manager

(Bring your own key management as a service)
Fortanix has partnered with GCP to create Google Cloud External Key Manager (EKM), the first solution to enable customers to bring their own key management system as an external key manager.

Bring-Your-Own Key (BYOK)

Bring-Your-Own Key (BYOK)

BYOK is a solution in which the customer, rather than the cloud service provider (CSP), controls the encryption keys and therefore the data.

Full Key Lifecycle Management

Full Key Lifecycle Management

Fortanix delivers full key lifecycle management such as generation, rotation, expiration, and deactivation to ensure secure and consistent key management across on-premises and multicloud environments.

Automated Key Operations

Automated Key Operations

Automate and simplify your key management operations with automatic key rotation, one click rotation across regions and clouds, key expiration and automatic alerting of key state changes.

Feature Image

Encryption as-a-Service

Enable real security with encryption

Always protect and encrypt data in rest, in motion and in use, across the entire data lifecycle and across all clouds, databases and SaaS services from a single unified solution.

Complete Privacy

Complete Privacy

End-to-end security for keys and data (at-rest, in-transit, and in-use) protected with layers of defense including Fortanix Runtime Encryption®, Intel® SGX and FIPS-validated hardware; Only authorized users can access keys.

Power of Intel SGX

Power of Intel SGX

Using Intel® SGX allows organizations to isolate the software and data from the underlying infrastructure (hardware or OS) by means of hardware-level encryption.

Play Icon

Watch the Webinar:

Keeping Private Data Private in the Public Cloud: A Data Security Toolkit

Feature Image

Hardware Security Module

Simple, more flexible, and equally secure solution alternative to traditional HSMs

FIPS 140-2 Level 3 certified HSM to store encryption keys and cryptographic operations are securely executed within the module.

FIPS 140-2 Level 3 certified

FIPS 140-2 Level 3 certified

Service is FIPS 140-2 Level 3 certified and is supplemented by the power of Intel SGX to protect data in use.

Remote management with geographic scalability

Remote management with geographic scalability

100% remotely managed, the service is geographically scalable to meet the rising demands of key management.

Play Icon

Watch the Webinar:

HSM-as-a-Service-Innovate Before It’s Too Late

Feature Image

Tokenization

Rest API-driven cloud ready tokenization

Tokenization substitutes tokens for sensitive data using REST APIs to achieve privacy compliance.

Vaultless tokenization

Vaultless tokenization

Tokenization service uses a FIPS 140-2 Level 3 compliant HSM to tokenize data. There is no centralized token database required.

Advanced Data Masking

Advanced Data Masking

Dynamically mask an entire field or part of tokenized data.

Tokenize custom object or data types

Tokenize custom object or data types

User can tokenize any custom objects to protect any kind of data other than a credit card or SSN. Depending on the type of data the users want to protect, create security objects belonging to the tokenized data types.

Play Icon

Download Datasheet:

Fortanix Tokenization

Feature Image

Secrets Management

Natively manage secrets

Fortanix offers a secure secrets management solution that can manage secrets natively in the cloud and on-premises, providing extensive RESTful APIs through open standards such as OAuth, OpenID (SAML), LDAP, JWT, and PKI.

Store outside the source code

Store outside the source code

Sensitive data and credentials can be stored outside the source code in FIPS 140-2 level 3 certified HSM.

Store outside the source code

Supports Kubernetes

The secrets don’t need to be exposed while building or deploying the application. Rather, the utility can monitor the environment in real-time and inject secrets at runtime when they are required.

Strong segregation

Strong segregation

Fortanix offers role-based access control (RBAC) for users, applications, and groups with segregation of duties. This gives more visibility into who is reading secrets on the client side.

JSON Web tokens

JSON Web tokens

Supports JWT authentication to further secure and trust requests, collecting and managing secrets.

JSON Web tokens

Connect to any DevOps environment

Easily customizable plugins allow you extend functionality and connect to any DevOps environment.

Play Icon

Read the Blog:

Keeping your app’s secrets secret

Feature Image

Database Encryption

Encrypt data at rest

DSM SaaS provides an integrated key management and HSM designed to support database encryption across multiple datacenter sites, public cloud, and database vendors.

Broad Database Support

Broad Database Support

Fortanix supports Oracle, SQL Server, MongoDB, PostGres, MySQL, Maria DB, IBM DB2.

Linear Scalability

Linear Scalability

Fortanix provides linear scalability through multisite clustering to meet any performance needs.

High Availability and Disaster Recovery

High Availability and Disaster Recovery

DSM SaaS supports both public cloud and on-premises databases from a single solution that has high availability and disaster recovery built-in.

Play Icon

Watch Webinar:

Simplifying security across global databases

Feature Image

Cloud Data Control

Unified cloud data security

Cloud Data Control provides a single, unified solution to manage data security across multiple cloud platforms.

Unified Cloud Key Management

Unified Cloud Key Management

Protect sensitive data across multiple clouds from a single unified solution.

Separate keys from the data they protect

Separate keys from the data they protect

Fortanix Cloud Data Control extends existing cloud-native key management system (KMS) to separate encryption keys from the data being secured, enabling multicloud key management.

Strong segregation

Strong segregation

Fortanix offers role-based access control (RBAC) for users, applications, and groups with segregation of duties. This gives more visibility into who is reading secrets on the client side.

Play Icon

Watch the Webinar:

Multi-Cloud Data Security: Simplifying Key Management, Encryption, Tokenization, and Secrets Across Public, Hybrid and Private Cloud

Integrations

Expand your core functionalities with a scalable integrations ecosystem

Integrations

State-of-the-art data security

Enterprise grade security to meet your specific use cases and compliance challenges

Hardware Security Module Gateway

Hardware Security Module Gateway

Centrally manage your existing HSMs across environments.

DSM Accelerator

DSM Accelerator

Locally cache keys and accelerate security operations.

Transparent Encryption Proxy

Transparent Encryption Proxy

Easily encrypt and decrypt data at scale at egress and ingress.

Quorum approvals

Quorum approvals

Quorum approval policy (M of N) for enhanced protection.

Centralized Policy Management and Controls

Centralized Policy Management and Controls

Policy management that seamlessly integrates with existing authentication identity providers.

Role-based access control (RBAC)

Role-based access control (RBAC)

Role-based access control (RBAC) for users, applications, and groups with segregation of duties.

Tamper proof audit logs

Tamper proof audit logs

Comprehensive tamper-proof audit logs to track all activity, including administration, authentication, access, and key operations.

Centralized management

Centralized management

Centralized, intuitive web-based user interface for management.

Single Sign On

Single Sign On

SSO support (SAML, OAuth, and Active Directory/LDAP).

SIEM integrations

SIEM integrations

Auditing integration with SIEM tools (Syslog, Splunk, and CSP logging).

Secure Business Logic

Secure Business Logic

Securely run sensitive business logic inside trusted boundary with Runtime Encryption plugins. Easily create or customize cryptography logic for your unique business or security requirements.

Application-friendly interfaces

Application-friendly interfaces

Support for RESTful APIs, PKCS#11, KMIP, JCE , Microsoft CAPI, and Microsoft CNG. Easily support all existing and new applications, whether operating in public, private, or hybrid cloud.

Talk To Sales
DSM SaaS Thumb
x