Fortanix Self-Defending KMS (Key Management Service)
Fortanix Self-Defending Key Management Service (KMS) is the world’s first multi-cloud service secured with Intel® SGX. With Fortanix Self-Defending KMS, you can securely generate, store, and use cryptographic keys and certificates, as well as other secrets such as passwords, API keys, tokens, or any blob of data. Your business-critical applications and containers can integrate with Fortanix Self-Defending KMS using legacy cryptographic interfaces or using the native Fortanix Self-Defending KMS RESTful interface.
Fortanix Self-Defending KMS uses built-in cryptography in Intel® Xeon® CPUs to help protect the customer’s keys and data from all external agents. This greatly reduces system complexity because security no longer relies on the characteristics of the physical boxes. Intel® SGX enclaves prevent access to the customer’s keys or data by Fortanix or any other cloud service provider.
Unlike many hardware security technologies, Intel® SGX is architected to help protect arbitrary x86 program code. Fortanix Self-Defending KMS uses Intel® SGX to help protect not only the keys and data but also all the application logic, including role-based access control, account setup, password recovery, and so on. The result is significantly improved security for a key management service that offers the elasticity of modern cloud software and the hardware-based security of an HSM appliance, all while drastically reducing initial and ongoing costs.
Fortanix Self-Defending KMS is designed to enable businesses to serve key management needs for all their applications, whether they are operating in a public, private, or hybrid cloud.
High-Level Architecture of Fortanix Self-Defending KMS
Fortanix Self-Defending KMS uses Cassandra, a highly scalable distributed database, to store the sensitive keys and metadata. The Elasticsearch component is responsible for storing and retrieving the event logs. Fortanix Self-Defending KMS also provides an attestation service that performs Intel® SGX attestation. Fortanix Self-Defending KMS services can be monitored through Sensu, which provides a monitoring and alerting dashboard and can integrate with Slack, email, and other incident management solutions.