Fortanix Data Security Manager
Fortanix Data Security Manager (DSM) is the world’s first multi-cloud service secured with Intel® SGX. With Fortanix DSM, you can securely generate, store, and use cryptographic keys and certificates, as well as other secrets such as passwords, API keys, tokens, or any blob of data. Your business-critical applications and containers can integrate with Fortanix DSM using legacy cryptographic interfaces or using the native Fortanix DSM RESTful interface.
Fortanix DSM uses built-in cryptography in Intel® Xeon® CPUs to help protect the customer’s keys and data from all external agents, greatly reducing system complexity by removing the reliance on characteristics of the physical boxes. Intel® SGX enclaves prevent access to the customer’s keys or data by Fortanix or any other cloud service provider.
Unlike many hardware security technologies, Intel® SGX is architected to help protect arbitrary x86 program code. Fortanix DSM uses Intel® SGX to help protect not only the keys and data but also all the application logic, including role-based access control, account setup, password recovery, and so on. The result is significantly improved security for a key management service that offers the elasticity of modern cloud software and the hardware-based security of a Hardware Security Module (HSM) appliance, all while drastically reducing initial and ongoing costs.
Fortanix DSM is designed to enable businesses to serve key management needs for all their applications, whether they are operating in a public, private, or hybrid cloud.
High-Level Architecture of Fortanix DSM
Fortanix DSM uses Cassandra, a highly scalable distributed database, to store the sensitive keys and metadata. The Elasticsearch component is responsible for storing and retrieving the event logs. Fortanix DSM also provides an attestation service that performs Intel® SGX attestation. Fortanix DSM services can be monitored through Sensu, which provides a monitoring and alerting dashboard and can integrate with Slack, email, and other incident management solutions.