Fortanix Delivers Hybrid Cloud Data Security; Integrates Cloud-Native Apps with Legacy

Fortanix is offering legacy enterprise firms a less disruptive way to deliver reliable end-to-end security across hybrid environments. IDN looks at how Fortanix HSM Gateway integrates cloud apps and databases with legacy on-premises security.

Tags: audit, cloud-native, cryptographic, Fortanix, HSM, hybrid, migration secure

Fortanix, a provider of runtime encryption solutions, is looking to improve enterprise-wide hybrid security for companies that want to unify on-prem and cloud resources.


Specifically, the company is offering an extension to its Fortanix Self-Defending Key Management Service. The Fortanix HSM Gateway integrates cloud applications and databases with legacy on-premises Hardware Security Modules (HSMs). [The Fortanix Self-Defending Key Management Service provides a pervasive data security platform with cryptographic services, shared secrets, and tokenization across cloud and on-premises environments from a single centralized point of management, control and audit.]


In effect, the approach modernizes a company’s HSMs by optimizing data security for on-premises, public cloud, and hybrid cloud environments. 


The HSM gateway solution is architected to allow businesses to modernize their existing data security infrastructure, with ways to simplify and accelerate the migration of data security services to the public cloud, according to Fortanix chief product officer Faiyaz Shahpurwala. 


“Enterprise customers we work with are trying to accelerate their migration to the public cloud, but many are held back by the complexity of migrating or reproducing their legacy HSM and key management infrastructure in the cloud,” he said in a statement.


“Fortanix HSM Gateway adds a critical new capability to Fortanix Self-Defending KMS that provides a single consistent management and application interface for on-premises, hybrid, and public cloud workloads,” he added. 


By consolidating multiple legacy HSMs and key management systems into a single solution, businesses are now able to reduce management costs, accelerate cloud migration, and simplify data security, he added.  


In a recent report, Forrester Research principal analyst Heidi Shey noted that all dimensions of cloud -- private cloud, IaaS, PaaS and SaaS -- require data protection. “Today, 28 percent of global security decision-makers say that one of their primary methods of protecting these environments is to encrypt data before moving it to the cloud,” the report said in part.


Fortanix HSM Gateway Benefits to Hybrid Operations

Fortanix HSM Gateway connects to the legacy HSMs already in place and makes their keys manageable and accessible through Fortanix. 


These keys stay secure in the existing HSM. At the same time, applications and databases (on-premises or in the cloud) get a single source of cryptographic services, and security teams get a single pane of glass to manage and audit.


The HSM gateway is designed to offer three key benefits, according to the company:

Lower costs - By consolidating all HSMs into a single cost-effective solution, it enables customers to reduce the cost and complexity of their HSM infrastructure. Over time customers can migrate keys and replace HSM hardware with a modern, scalable solution.


Accelerate cloud migration - The Fortanix architecture allows businesses to seamlessly move between on-premises and public cloud infrastructures with a single consistent set of cryptographic services and keys.


Ease of use 'single' solution - It also provides intuitive “single pane of glass” UIs for simpler administration and increased control, including extensive logging and auditing across an entire infrastructure.

Under the covers, the Fortanix HSM Gateway proxies all crypto API calls from both on-premises and cloud applications and databases to legacy on-premises HSMs through a unified set of interfaces, including REST, PKCS#11, KMIP, JCE, and CNG. Master key material remains in the legacy HSM, while Fortanix creates corresponding virtual keys. 


All keys are managed, rotated, and revoked through the Fortanix web interface or APIs. When administrators are ready to migrate from their legacy HSMs, they can migrate keys to Fortanix FX 2200 appliances (FIPS 140-2 Level 3) and/or use Fortanix Self-Defending KMS in the public cloud.