Overview
The worldwide surge in digitization spree has led to an explosion of machine identities — both in quantity and importance. As a result, a growing number of applications lean on PKI, including DevOps, Internet of Things (IoT), and other cloud & web applications.
Private keys are the cornerstone of PKI-based authentication and digital signing, yet they continue to remain under-protected. Private key storage and rotation techniques are often subject to sub-par security standards and stored in text documents or sent over emails. In some instances, keys are simply generated on an insecure machine and stored in software that cybercriminals can easily circumvent.
Fortanix Solution
AppViewX, integrated with Fortanix DSM, offers a secure certificate management solution by enabling encrypted private key storage using Transparent Data Encryption (TDE). In this setup, private keys are generated and stored within AppViewX, undergoing layered encryption through a Data Encryption Key (DEK), Key Encryption Key (KEK), and Master Encryption Key (MEK). While the encrypted key materials remain in AppViewX, the MEK is securely stored in the FIPS 140-2 Level 3 certified Fortanix HSM and never leaves the hardware. This ensures maximum protection, with private keys generated via Fortanix HSM remaining non-exportable and shielded by Intel® SGX. Ideal for all ADC and server devices, this architecture delivers efficient resource usage and uncompromising data security.
Benefits
On-prem reliability meets cloud-delivered agility
Encrypt and protect private keys using industry standard FIPS 140-2 Level 3 certified Fortanix HSMs irrespective of the environment they are hosted in — on premises, in the cloud, or hybrid.
Gain visibility and control across all certificates and its keys
Fortanix provides a “single pane of glass” modern, multi-tenant, and intuitive user interface for simplified administration and increased control, including extensive logging and auditing across your entire infrastructure.
Enforce policies and ensure compliance across the network
Flexible deployment options with on-prem HSM appliances, SaaS, or software only in the cloud. Store and protect encryption keys with FIPS 140-2 Level 3 HSMs to maintain the highest possible compliance and entropy.
Manage and automate multi-vendor X.509 certificates across multiple devices
X. 509 certificates are the primary vehicle to identify and authenticate people and machines. Managing and protecting these certificates at scale is a tough feat to achieve. Fortanix DSM mitigates that hassle.
Generate, store and manage millions of keys with automation across key lifecycle
Fortanix DSM can scale horizontally and vertically as your demand for managing your keys and secrets increases. This is ensured while providing automated load-balancing, fault-tolerance, disaster recovery, and high availability. Fortanix DSM can be deployed globally and for hybrid or multicloud environments.
Featured Resource
Protecting the Keys to the Kingdom: Secure Key Orchestration and Automation
Watch Webinar
Resource
On-Demand Webinar
Protecting the Keys to the Kingdom: Secure Key Orchestration and Automation
