Amazon Web Services (AWS) Cloud Key Management with Fortanix

Full control over your AWS cloud keys with Fortanix Data Security Manager SaaS.


AWS Cloud Key Management Service

Overview

Like most other cloud service providers, Amazon Web Services (AWS) offers its own cloud-native key management service to generate and manage master keys. But native key management comes with shortcomings of its own, including the following:

  • The cloud provider owns the key material, and the key can only be used in one cloud and typically for a single tenant.
  • If a master key is deleted, then there is no way to get that key back. Any data encrypted under that key is lost.
  • There is no consistent way of setting fine-grained controls over key management policies across multiple clouds. Customers do not get a single pane of glass for multi-geo and multi-cloud key management, and the policy framework and auditing differ for every cloud.

Why Fortanix?

Comparison: AWS native customer master key management versus the Fortanix Bring Your Own Key solution for AWS

Key generation
  • AWS native: Key material is owned and generated by AWS KMS.
  • Fortanix BYOK: Key material is owned and generated in the customer-owned external KMS/HSM.

Key control
  • AWS native: Key material belongs to AWS KMS and cannot be exported by the customer.
  • Fortanix BYOK: Key material belongs to the customer and can be exported if needed.

Multi-region/tenant support
  • AWS native: Key material is unique to one region and one account.
  • Fortanix BYOK: Key material is unique, but can exist in more than one region and/or AWS account concurrently.

Disaster recovery
  • AWS native: To pull a kill switch, the key must be permanently deleted, after which it cannot be restored.
  • Fortanix BYOK: To pull a kill switch, only the key material is deleted; it can be restored on demand.

Fortanix Data Security Manager allows organizations to Bring Your Own Key (BYOK) for the AWS cloud. With this approach, customers bring or import their own master key, which AWS stores in its key management service and under which it encrypts all Data Encryption Keys (DEKs). This gives customers greater control over their data and keys.
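As an added example that is not Fortanix's or AWS's own code: the import, kill-switch and restore cycle described above, expressed as the underlying AWS KMS BYOK API calls (boto3 names). The external HSM that generates and holds the key material is assumed and stood in for by os.urandom, and the KMS client is injected so the wrapping logic can be exercised offline.

```python
"""AWS KMS BYOK round trip: import external key material, revoke it, re-import it.

Constructed example. The KMS client is passed in (a boto3 KMS client in practice)
so the RSA-OAEP wrapping step can be tested against a stub without AWS access.
"""
import os
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding

WRAP_ALG = "RSAES_OAEP_SHA_256"  # KMS wrapping algorithm: OAEP, SHA-256 digest, MGF1-SHA256
OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()), algorithm=hashes.SHA256(), label=None)


def wrap_key_material(wrapping_public_key_der: bytes, key_material: bytes) -> bytes:
    """Wrap raw AES-256 key material under the RSA public key that KMS issued for import."""
    if len(key_material) != 32:
        raise ValueError("SYMMETRIC_DEFAULT keys need exactly 32 bytes of key material")
    pub = serialization.load_der_public_key(wrapping_public_key_der)
    return pub.encrypt(key_material, OAEP)


def _import(kms, key_id: str, key_material: bytes) -> None:
    # Each import needs a fresh wrapping key and import token from KMS.
    params = kms.get_parameters_for_import(KeyId=key_id, WrappingAlgorithm=WRAP_ALG,
                                           WrappingKeySpec="RSA_2048")
    kms.import_key_material(KeyId=key_id, ImportToken=params["ImportToken"],
                            EncryptedKeyMaterial=wrap_key_material(params["PublicKey"], key_material),
                            ExpirationModel="KEY_MATERIAL_DOES_NOT_EXPIRE")


def import_external_key(kms, key_material: bytes, description: str) -> str:
    """Create a KMS key with no material (Origin=EXTERNAL) and import customer-held material."""
    key_id = kms.create_key(Origin="EXTERNAL", Description=description)["KeyMetadata"]["KeyId"]
    _import(kms, key_id, key_material)
    return key_id


def revoke_key_material(kms, key_id: str) -> None:
    """Kill switch: KMS keeps the key ID, policy and grants but cannot use the key until re-import."""
    kms.delete_imported_key_material(KeyId=key_id)


def restore_key_material(kms, key_id: str, key_material: bytes) -> None:
    """Restore: KMS only accepts the same key material that was originally imported."""
    _import(kms, key_id, key_material)


if __name__ == "__main__":
    import boto3  # assumed available; needs AWS credentials with kms:CreateKey / kms:ImportKeyMaterial
    material = os.urandom(32)  # stands in for material generated and held in the external HSM/KMS
    print("imported into", import_external_key(boto3.client("kms"), material, "BYOK demo"))
```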


Fortanix DSM Use Cases for AWS


How does the Solution Work?

  • An AWS KMS group is created in the Fortanix DSM account, and this group is configured to interact with AWS KMS.
  • After the AWS KMS group successfully connects to AWS KMS using the configured connection details, the keys from AWS KMS are stored in the Fortanix DSM AWS KMS group as virtual keys. A virtual key is a key whose key material is not present in the AWS KMS group; the key material remains stored securely in AWS KMS.

