Fortanix Key Insight Concepts

1.0 Introduction

1.1 Purpose

Welcome to the Fortanix Key Insight Concepts Guide. The purpose of this guide is to describe the high-level concepts of Fortanix Key Insight. Fortanix Key Insight enables you to apply uniform key lifecycle management policies and processes to cryptographic key management systems and to map keys to the services they protect across multiple clouds.

1.2 Intended Audience

This guide is intended for technical stakeholders of Fortanix Key Insight, such as the Chief Information Security Officer (CISO), who will use this feature to see compliance information or deficiencies at a very high level and is interested in trends and drift, and the Security Engineer, who will use this feature to find and fix issues with the implementation and management of cryptographic data protection.

2.0 Definitions

  • Key Insight - Organization: A cloud service provider (CSP) organization is an account management service that enables you to consolidate multiple CSP accounts into an organization that you create and centrally manage. Fortanix Key Insight scans a CSP organization and all the accounts within that organization.
  • Key Insight - Accounts: A CSP account is a container for your CSP resources. You create and manage your CSP resources in a CSP account. Fortanix Key Insight scans all the regions within a CSP account in a CSP organization.
  • Key Insight - Keys: Keys are the primary resource in a CSP and are logical representations of cryptographic keys. Each key is assigned a unique identifier, known as a key ID. Fortanix Key Insight scans all the CSP accounts within an organization and identifies the key compliance status across multiple cloud regions.
  • Key Insight - Services: Services are application and infrastructure resources that exist on the cloud such as storage, computing capacity, and online databases. For example, some of the common AWS cloud services include Elastic Compute Cloud (EC2), AWS Relational Database Service (RDS), AWS S3, AWS Elastic Block Store (EBS), and Virtual Private Cloud.
  • Key Insight - Overview page: The Key Insight overview page helps users get a summary of the CSP keys and services.
  • Key Insight - Assessment page: The Key Insight assessment page helps users get a summary of the CSP keys and services policy compliance violations.
  • Key Insight - Scan: The act of making a connection with the CSPs and obtaining information about services of interest for Key Insight.
  • Key Insight - Management Groups: Management groups help organize and govern the cloud environments at scale. Management groups also help streamline the access, policies, and compliance associated with the Azure subscriptions. Fortanix Key Insight organizes Azure subscriptions into management groups and scans them.
  • Key Insight - Subscriptions: Subscriptions are a unit of management, billing, and scale within Azure. They play a critical role when designing large-scale Azure adoption. Each subscription is assigned a unique identifier, known as a subscription ID. Fortanix Key Insight scans all the Azure subscriptions within a management group and identifies the key compliance status across multiple cloud regions.
  • Key Insight - Azure Resource Groups: These are the logical containers that group related resources together. They can include resources from multiple services and are used for management, billing, and access control. They are the child hierarchy under the individual Azure Subscriptions. Fortanix Key Insight scans all the Azure resource groups within a subscription and identifies the key compliance status across multiple cloud regions.

3.0 Key Insight Features

Fortanix Key Insight has the following features:

  • Discover and visualize your keys and data services: Provides a central view of where all keys and data services are across hybrid multi-cloud, their mapping, and lifecycle management status. 
  • Cloud key scanning for hybrid multi-cloud environment: Allows you to scan the Key Management Systems (KMS) of all your organization’s accounts at major CSPs such as AWS, Azure, GCP, and so on to discover cryptographic keys and services.
  • Reporting and alerting: Lets you generate reports and view alerts on non-compliant keys and data assets. It also generates a report that identifies the encrypted services and the corresponding encryption keys used.
  • Unified dashboard with drill down capabilities: Provides a dashboard view of cryptographic keys and service compliance status across multiple clouds.
  • Download report: Allows users to download a report of the CSP keys and services.
  • Automatic data collection: Dynamically collects siloed information about all keys and data services that belong to the organization or individual accounts.

 
