Fortanix Key Management

Get complete control and visibility into cloud encryption keys

Problem

The volume of data stored on the public cloud is growing exponentially. With this growth, the challenges of data security, regulatory compliance and the risk of data breaches grow. Cloud-native encryption relies on the cloud platform provider to secure data. Under this approach, cloud providers generate and own the data encryption keys directly to encrypt the data-at rest in cloud. With this approach, customers do not get control over the cloud keys.

Solution Overview

Unlike cloud native solutions, Fortanix allows businesses to retain control and management of encryption keys with centralized management, consistent access control policy and centralized audit logs. Fortanix also offers Bring your own key management service (BYOKMS) allowing customers to store cloud keys externally within own datacenters thereby help meet the most stringent compliance requirements. Flexible deployment options with Software, SaaS and FIPS 140-2 level 3 HSM appliance.

key-management1

Solution Highlights

SIMPLIFIED KMS POLICY MANAGEMENT
Apply consistent key management policies across multiple cloud providers, tenants and regions
CLOUD ENCRYPTION KEY DISASTER RECOVERY
Back up, restore, and re-import master encryption keys for public cloud KMS.
EXTERNAL KEY MANAGEMENT
Key Manager extends existing cloud-native KMS to separate encryption keys from the data being secured.
FIPS 140-2 LEVEL 3 COMPLIANT
The solution can also be deployed as a FIPS 140-2 Level 3 HSM.
FLEXIBLE DEPLOYMENT OPTIONS
Solution is available as a software, SaaS, and hardware appliance.
CONSOLIDATED AUDIT LOGGING
Secure, comprehensive audit logs to help meet compliance.

Solution Benefits

CENTRALLY MANAGE YOUR ENCRYPTION KEYS

Fortanix DSM provides control of and visibility into your key management operations using a centralized web-based UI with enterprise level access controls and single sign-on support. Securely generate, store, and use crypto keys, certificates, secrets, passwords, API Keys, tokens etc.

SINGLE SOLUTION FOR MULTI-CLOUD

Fortanix DSM enables you to make a secure transition to multi cloud. With HSM grade security, FIPS 140-2 level 3 protection for all keys, organizations can adopt BYOK, meet cloud security, compliance requirements and resist cloud provider lock-in.

EXTERNAL KEY MANAGER

Fortanix has partnered with GCP to create Google Cloud External Key Manager (EKM), to enable customers to bring their own key management system and manage keys externally on customers datacenters.

DEVOPS AND CLOUD FRIENDLY APIS

Fortanix DSM supports extensive RESTful APIs, PKCS#11, KMIP, JCE, Microsoft CAPI, and Microsoft CNG. Easily support all existing and new applications, whether operating in public, private, or hybrid cloud.

When you move to the cloud, you lose that control... So the Fortanix solution brings an ability to control the keys externally. You can turn the keys off, turn them on– they are totally under your control. The other advantage is with PayPal’s requirements is it actually enables new business use cases to go to the cloud.

paypal

How it Works

CONTROL KEYS TO THE CLOUD

Fortanix delivers full key lifecycle management as a service to ensure secure and consistent key management across multi cloud environments, including bring your own key (BYOK) and bring your own key management service (BYOKMS). Fortanix lets organizations pick the right level of control depending upon business use case and required security posture.

byok

BRING YOUR OWN KEY (BYOK)

Upload master keys
API to manage keys
Cloud-based access control

BRING YOUR OWN KMS (BYOKMS)

Maintain control of keys
API to encrypt/decrypt
Granular RBAC and logging

Ready to test Fortanix Runtime Encryption?

request a demo

Technical Support Program

Professional Services

Fortanix Key Management

Problem

Solution Overview

Solution Highlights