Problem
Today, data goes unprotected because cryptography is often underutilized, misconfigured, and siloed between different environments and groups. Organizations have accumulated different types and brands of legacy HSMs to meet their Public Key Infrastructure (PKI), encryption and key management requirements. These systems must be managed separately, are hard for application developers to use and are not equipped to migrate applications to the cloud. Continuing to maintain legacy HSMs is costly, slows down application development and makes it difficult to migrate to public cloud.
NOT CLOUD-READY
COMPLEX
EXPENSIVE
SRM leaders must review a full enterprise key management strategy that covers both on-premises and cloud environments and, where possible, uses a single vendor product to provide consistent key management backup and policy rules…
— Gartner, Hype Cycle for Data Security, 2019
Solution: Fortanix HSM Gateway
Fortanix HSM Gateway, an extension to the Fortanix Data Security Manager (DSM), offers a modern approach to data security. Fortanix HSM Gateway connects to the legacy HSMs you already have and makes their keys manageable and accessible through Fortanix. The keys stay secure in the existing HSM, while applications and databases (on-premises or in the cloud) get a single source of cryptographic services, and security teams get a single pane of glass to manage and audit.
Lower Costs While Protecting Investments
Fortanix enables customers to reduce the cost and complexity of their HSM infrastructure by consolidating all HSMs into a single cost-effective solution. Over time, customers can migrate keys and replace HSM hardware with a modern, scalable solution.
Accelerate Cloud Migration
Fortanix HSM Gateway enables businesses to seamlessly move between on-premises and public cloud infrastructures with a single consistent set of cryptographic services and keys.
Easy to Use Single Solution
Fortanix provides a modern, multi-tenant, and intuitive “single pane of glass” user interface for simplified administration and increased control, including extensive logging and auditing across your entire infrastructure.
How it works
The Fortanix HSM Gateway proxies all crypto API calls from both on-premises and cloud applications and databases to legacy on-premises HSMs through a unified set of interfaces including REST, PKCS#11, KMIP, JCE and CNG. Master key material remains in the legacy HSM, while Fortanix creates corresponding virtual keys. All keys are managed, rotated, and revoked through the Fortanix web interface or APIs. When administrators are ready to migrate from their legacy HSMs, they can migrate keys to Fortanix FX 2200 appliances (FIPS 140-2 Level 3) and/or use Fortanix Data Security Manager in public cloud.