Database Encryption: Simplified Key Management Across Global Databases
Problem
The proliferation of data privacy regulations, the increasing risk of a data breach, and the migration of databases to public cloud are driving many organizations to more broadly implement database encryption at the cell, row and entire database levels. While most databases offer integrated encryption capabilities, the security and compliance of the database relies on secure storage, policy management and audit logging of database encryption key access. At the same time, high performance databases supporting mission-critical application require scalable cryptographic key access available across multiple sites globally.
Solution Overview
The Fortanix DSM provides an integrated key management and hardware security module (HSM) solution designed to support database encryption across multiple datacenter sites, public cloud, and database vendors. By simplifying database encryption, Fortanix enables business to encrypt more sensitive data, comply with privacy regulations and prevent costly data breaches.
Security policies must be coordinated across all data silos, and enterprise key management (EKM) should be implemented. DBAs should not have management responsibility for encryption, but EKM will provide consistent security policies across the different RDBMS platforms.
Gartner, Hype Cycle for Data Management, 2019
How it works
Unlike legacy KMS and HSMs, Fortanix DSM is a cloud-native data security platform that provides integrated cryptographic services through a scalable high-performance architecture that natively supports multisite clustering, disaster recovery and high availability. Fortanix DSM is available as a FIPS validated appliance or can be delivered in a public cloud. Database can integrate with Fortanix through extensive standards-based interfaces such as PKCS#11, KMIP, EKM and UDF. It has both an intuitive web-based user interface and powerful RESTful APIs that accelerate new application integration.
