Fortanix Key Insight Concepts

1.0 Introduction

1.1 Purpose

This article describes the high-level concepts of Fortanix Key Insight. Fortanix Key Insight lets you apply uniform key lifecycle management policies and processes across your cryptographic key management systems and map each key to the services or resources it protects, across multiple clouds, on-premises environments, and Hardware Security Module (HSM) or external Key Management Service (KMS) environments.

1.2 Intended Audience

This article is intended for Fortanix Key Insight's technical stakeholders: the Chief Information Security Officer (CISO), who uses it to view compliance status and deficiencies at a high level and to track trends and drift, and the Security Engineer, who uses it to find and fix issues in the implementation and management of cryptographic data protection.

2.0 Definitions

  • Key Insight - Organization: A cloud service provider (CSP) organization is an account management service enabling you to consolidate multiple CSP accounts into an organization you create and manage centrally. Fortanix Key Insight scans a CSP organization and all the accounts within that organization.

  • Key Insight - Accounts: A CSP account is a container for your CSP resources; you create and manage your CSP resources within it. Fortanix Key Insight scans all the regions within each CSP account of a CSP organization.

  • Key Insight - Keys: Keys are the primary resource in CSP, on-premises, and HSM or KMS environments. They are logical representations of cryptographic keys, and each key is assigned a unique identifier, known as a key ID. Fortanix Key Insight scans all CSP, on-premises, and HSM or external KMS accounts and identifies the compliance status of each key.

  • Key Insight - Services: Services are application and infrastructure resources that exist in the cloud, such as storage, computing capacity, and online databases. For example, common Amazon Web Services (AWS) cloud services include Elastic Compute Cloud (EC2), Relational Database Service (RDS), Simple Storage Service (S3), Elastic Block Store (EBS), Elastic File System (EFS), Elastic Kubernetes Service (EKS), DynamoDB, Redshift, and Virtual Private Cloud (VPC).

  • Key Insight - Overview page: The Fortanix Key Insight Overview page summarizes the CSP, on-premises, and external HSM or KMS keys and services.

  • Key Insight - Assessment page: The Fortanix Key Insight Assessment page summarizes the policy compliance violations of CSP and on-premises keys and services.

  • Key Insight - Scan: The process of connecting to CSP keys and services, on-premises resources, and external KMS or HSM keys to gather the information Key Insight needs about the relevant services.

  • Key Insight - Management Groups: Management groups help organize and govern the cloud environments at scale. Management groups also help streamline the access, policies, and compliance associated with the Azure subscriptions. Fortanix Key Insight organizes Azure subscriptions into management groups and scans them.

  • Key Insight - Subscriptions: Subscriptions are a management, billing, and scale unit within Azure. They play a critical role when designing large-scale Azure adoption. Each subscription is assigned a unique identifier, known as a subscription ID. Fortanix Key Insight scans all the Azure subscriptions within a management group and identifies the key compliance status across multiple cloud regions.

  • Key Insight - Azure Resource Groups: Resource groups are logical containers that group related resources together. They can include resources from multiple services and are used for management, billing, and access control, and they sit beneath individual Azure subscriptions in the resource hierarchy. Fortanix Key Insight scans all the Azure resource groups within a subscription and identifies the key compliance status across multiple cloud regions.

  • Key Insight – On-Premises Scanner: The Fortanix Key Insight on-premises scanner is a scanner package deployed inside an organization's internal infrastructure to discover and assess on-premises keys and resources and report them into Fortanix Key Insight.

    Because the scanner integrates with Fortanix Key Insight, the collected data is processed securely and the same protection and compliance standards are applied to the local environment. This extends key management and resource oversight to on-premises assets, so organizations can monitor and safeguard them alongside their cloud assets.

  • Key Insight – On-Premises Resources: Resources are the hardware, software, and infrastructure components used to manage and secure sensitive data within an organization's local environment. The Fortanix Key Insight on-premises scanner evaluates the compliance status of such resources across multiple databases; for example, it can assess compliance for commonly used databases such as Oracle and Microsoft SQL Server (MSSQL).

  • Key Insight – External Key Source: An HSM or external KMS manages, stores, and uses encryption keys outside of the native cloud or on-premises environment. With external key source correlation, you configure in Fortanix Key Insight a list of Fortanix DSM (SaaS) application credentials (region and certificate) corresponding to your DSM accounts. You then create a cloud connection in Fortanix Key Insight and optionally select DSM app credentials for correlation. When you initiate a scan, Fortanix Key Insight checks whether each scanned key originates from Fortanix DSM (SaaS).

3.0 Fortanix Key Insight Features

Fortanix Key Insight has the following features:

  • Discover and visualize your keys and data services: Provides a central view of the location and status of all keys and data services across on-premises, hybrid multi-cloud, and HSM or external KMS environments, including their key-to-service mapping and lifecycle management.

  • Key scanning for on-premises, hybrid multi-cloud, and external key sources: Scans key management services across all accounts, covering major on-premises databases, CSPs such as AWS and Azure, and external KMSs such as Fortanix DSM (SaaS), to identify cryptographic keys and the services that use them.

  • Reporting and alerting: Generate reports and view alerts on non-compliant keys and data assets. Additionally, it generates a report that identifies the encrypted services and the corresponding encryption keys used.

  • Unified dashboard with drill-down capabilities: Provides a dashboard view of cryptographic keys and service compliance status across multiple clouds, on-premises, and external KMS environments.

  • Download report: Allows users to download a report of the keys and services.

  • Automatic data collection: Dynamically collects siloed information about all keys and data services that belong to the organization or to individual accounts.

  • Data-driven heatmaps: Quickly identify the biggest data security risks and prioritize the recommended next steps.

  • Quantum key detection: Identifies keys that are vulnerable because their algorithm or key size is not quantum-resilient.

  • Cryptographic security score: Monitor your overall cryptographic security status with one indicative score.

  • Service key relationship: Identify at-risk services with an intuitive key-service relationship diagram.

  • Federated authentication: Lets Fortanix Key Insight access accounts without the sharing of long-lived credentials, which many users cannot provide because of compliance and security constraints. Beyond satisfying those constraints, it lets users centrally manage access across multiple services with granular control over permissions, without repeated per-service configuration.

  • Export scanned data: Exports all scanned key and service data in comma-separated values (CSV) format. It supports cloud, federated authentication, external key source, and on-premises connections. Users can download the data for detailed analysis, audits, or reporting, and track export status in real time through the Activities tab of Fortanix Key Insight.

  • Policy center: Enables users to automatically retrieve the crypto policies configured in Fortanix DSM and apply them to scans and assessments, ensuring that Fortanix Key Insight remains aligned with any updates in Fortanix DSM.
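The kind of assessment the Keys and Services definitions and the quantum key detection, service key relationship, and cryptographic security score features describe, as an added worked example in Python. This is not Fortanix code and does not reproduce Key Insight's own rules or scoring: the CSV column names, the sample export rows, the quantum-safety policy, the rotation threshold, and the scoring weights are all assumptions chosen for illustration.

```python
"""Added example (not Fortanix code): assess a key/service inventory.

Reads a constructed CSV in the shape of a key/service export, flags keys
that are not quantum-resilient, keys past a rotation age, services that
reference a disabled or unknown key, and reduces the findings to a single
score. Column names, thresholds and scoring weights are assumptions.
"""
import csv
import io
from datetime import date

# Constructed sample export: one row per key, services separated by ';'.
SAMPLE_EXPORT = """\
key_id,provider,algorithm,key_size,state,created,rotation_enabled,services
k-aws-1,aws,AES,256,Enabled,2024-01-15,true,s3:backups;rds:prod-db
k-aws-2,aws,RSA,2048,Enabled,2021-03-02,false,ebs:vol-1
k-az-1,azure,EC,256,Enabled,2023-06-10,false,
k-az-2,azure,AES,128,Disabled,2022-09-01,false,storage:logs
k-dsm-1,dsm,AES,256,Enabled,2024-11-20,true,mssql:finance
"""

# Constructed: services seen by the scan that reference a key ID that is
# absent from the key inventory (e.g. a deleted key).
SAMPLE_SERVICE_REFS = {"efs:fs-9": "k-aws-missing"}

# Assumed policy: symmetric keys need >= 256 bits to keep a 128-bit margin
# against Grover's algorithm; RSA and elliptic-curve keys are broken by
# Shor's algorithm regardless of size.
QUANTUM_SAFE_MIN_SYMMETRIC_BITS = 256
ROTATION_MAX_DAYS = 365
TODAY = date(2025, 1, 1)  # fixed so the example is deterministic


def quantum_vulnerable(algorithm, key_size):
    """True if the key would not survive a cryptographically relevant QC."""
    alg = algorithm.upper()
    if alg in ("RSA", "EC", "ECC", "ECDSA", "ECDH"):
        return True
    if alg == "AES":
        return key_size < QUANTUM_SAFE_MIN_SYMMETRIC_BITS
    return False


def assess(export_csv, service_refs, today=TODAY):
    """Return a list of (finding_type, subject, detail) tuples."""
    keys = list(csv.DictReader(io.StringIO(export_csv)))
    known = {k["key_id"] for k in keys}
    findings = []
    for k in keys:
        services = [s for s in k["services"].split(";") if s]
        size = int(k["key_size"])
        if quantum_vulnerable(k["algorithm"], size):
            findings.append(("QUANTUM", k["key_id"], f'{k["algorithm"]}-{size}'))
        age = (today - date.fromisoformat(k["created"])).days
        if k["rotation_enabled"].lower() != "true" and age > ROTATION_MAX_DAYS:
            findings.append(("STALE", k["key_id"], f"{age} days without rotation"))
        # A disabled key that a service still points at means that service
        # can no longer decrypt its data (or was never re-keyed).
        if k["state"] != "Enabled" and services:
            findings.append(("DISABLED_IN_USE", k["key_id"], ";".join(services)))
        if not services:
            findings.append(("UNUSED", k["key_id"], "no service references this key"))
    for svc, key_id in service_refs.items():
        if key_id not in known:
            findings.append(("MISSING_KEY", svc, key_id))
    return findings


# Assumed weights: broken key-service links outrank algorithm/hygiene issues.
SEVERITY = {"DISABLED_IN_USE": 20, "MISSING_KEY": 20,
            "QUANTUM": 5, "STALE": 5, "UNUSED": 5}


def score(findings):
    """Single indicative score: 100 minus weighted findings, floored at 0."""
    return max(0, 100 - sum(SEVERITY[f[0]] for f in findings))


if __name__ == "__main__":
    found = assess(SAMPLE_EXPORT, SAMPLE_SERVICE_REFS)
    for f in found:
        print(*f)
    print("score:", score(found))
```

Run against the constructed export the example reports nine findings: three quantum-vulnerable keys (RSA-2048, EC-256 and AES-128), three keys past the rotation age, one unused key, one disabled key still referenced by a service, and one service pointing at a key that is not in the inventory. The service-to-key join is the part worth copying: a key inventory alone cannot tell you which data is at risk, only the mapping can.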