Data Security Manager

Encryption Proxy

Secure sensitive business data without any code changes

What you get:

  • Transparently encrypt/decrypt in transit the application data without modifying application code.
  • Application agnostic, scalable solution that intercepts and encrypts data on the fly.
  • Add on capability to Fortanix Data Security Manager suite.
TEP Image


In the age of global digital transformation, the applications ecosystem has become more fragmented than ever before. Microservices, Kubernetes, cloud-native applications, IoT, mobile etc. have made the applications not only transient, but also heterogenous in terms of languages they are written in and platforms they run on. Off course, regardless of the technology or platform these applications belong to, if these applications need to comply with PCI-DSS, GDRP, CCPA and other data protection regulations, then the data these applications are generating must be encrypted.

Transparent Encryption encrypts/decrypts over the network as data flows between apps. Confidential data generated by an application can be automatically encrypted over the wire before it reaches any other apps. Applications that need access to confidential data only receive the data for which that app has permission. Data access policies are centrally managed, securely stored and locally enforced.

Fortanix Solution for transparent
encryption of application data

Fortanix offers a modern, application agnostic solution that enables business to transparently encrypt data in real time, in-flight with a high throughput. Fortanix solution for Transparent encryption is an add-on capability that runs inside Fortanix Data Security Manager (DSM) and makes it possible to transparently encrypt and decrypt the data at scale generated by applications without requiring any code changes.

Dotted icon

What the Fortanix solution for
Transparent Encryption (TEP)does

what we do
Dynamically encrypt/decrypt the data.
Fortanix solution for Transparent Encryption (TEP) allows applications to encrypt/decrypt  data dynamically by ingesting data in any form (binary files, strings, excel, JSON, word etc.).
what we do
Implemented as
NGINX plugin.
SaaS or any on-premises application will request encrypt/decrypt operations via an API call to the TEP which is based on NGINX, TEP's design preserves underlying NGINX capabilities.
what we do
Secure inside the Fortanix Data Security Manager.
Identification and de-identification of data happens securely inside Fortanix Data Security Manager.
what we do
Supports role-based access controls.
TEP supports role-based access control of users within Data Security Manager and Data Security Manager can be integrated with Active Directory or SSO. 
what we do
Centrally manage application data.
Fortanix Data Security Manager provides centralized management of the applications to integrate with and configure on which fields to monitor with automated provisioning of configuration to TEP. 
what we do
Selective encryption.
Only the data type that is described in the data classification schema will be encrypted securely inside the DSM.


Secure data on the fly and without application code changes
Fortanix Transparent Encryption Proxy solution empowers customers to dynamically protect their business sensitive data transparently on-the-fly in a highly scalable manner with zero application code change.
High emphasis
on security
All crypto operations happen inside the secure enclave Fortanix Data Security Manager (DSM).
Restricted access
to data
Each request to encrypt/decrypt data can be further restricted via highly granular role-based access control and/or IP whitelisting and/or highly customizable crypto policies.