Fortanix Key Insight Concepts


1.0 Introduction

This article describes the high-level concepts of Fortanix Key Insight. Fortanix Key Insight enables you to apply uniform key lifecycle management policies and processes to cryptographic key management systems and map keys to the services or resources they protect across multiple clouds, on-premises, and Hardware Security Module (HSM) or External Key Management Service (KMS) environments.

2.0 Definitions

  • Key Insight - Organization: A cloud service provider (CSP) organization is an account management service enabling you to consolidate multiple CSP accounts into an organization you create and manage centrally. Fortanix Key Insight scans a CSP organization and all the accounts within that organization.

  • Key Insight - Accounts: A CSP account is the container in which you create and manage your CSP resources. Fortanix Key Insight scans all the regions within each CSP account of a CSP organization.

  • Key Insight - Keys: Keys are the primary resource Key Insight tracks in CSP, on-premises, and HSM or KMS environments. Each is a logical representation of a cryptographic key and is assigned a unique identifier, known as a key ID. Fortanix Key Insight scans all the CSP, on-premises, and HSM or external KMS accounts and reports the compliance status of each key.

  • Key Insight - Services: Services are application and infrastructure resources that exist in the cloud, such as storage, computing capacity, and online databases. For example, some of the common Amazon Web Services (AWS) cloud services include Elastic Compute Cloud (EC2), Relational Database Service (RDS), Simple Storage Service (S3), Elastic Block Store (EBS), Elastic File System (EFS), Elastic Kubernetes Service (EKS), DynamoDB, Redshift, and Virtual Private Cloud (VPC).

  • Key Insight - Assessment: A Fortanix Key Insight assessment summarizes the policy compliance violations found for CSP and on-premises keys and services.

  • Key Insight - Scan: The process of connecting to CSP keys and services, on-premises resources, and external KMS or HSM keys to gather the information Key Insight needs about them.

  • Key Insight - Management Groups: Management groups help organize and govern the cloud environments at scale. Management groups also help streamline the access, policies, and compliance associated with the Azure subscriptions. Fortanix Key Insight organizes Azure subscriptions into management groups and scans them.

  • Key Insight - Subscriptions: Subscriptions are a management, billing, and scale unit within Azure. They play a critical role when designing large-scale Azure adoption. Each subscription is assigned a unique identifier, known as a subscription ID. Fortanix Key Insight scans all the Azure subscriptions within a management group and identifies the key compliance status across multiple cloud regions.

  • Key Insight - Azure Resource Groups: Logical containers that group related resources, possibly from multiple services, for management, billing, and access control. They sit directly beneath an individual Azure subscription in the hierarchy. Fortanix Key Insight scans all the Azure resource groups within a subscription and identifies the key compliance status across multiple cloud regions.

  • Key Insight – On-Premises Scanner: The Fortanix Key Insight on-premises scanner is a scanner package deployed inside an organization's internal infrastructure to discover on-premises keys and resources and bring them under Fortanix Key Insight management.

    The scanner reports into Fortanix Key Insight, which applies its protection and compliance standards to the collected data, so that organizations get key management and resource oversight for their on-premises assets alongside their cloud and external key sources, and can monitor and safeguard them from one place.

  • Key Insight – On-Premises Resources: The hardware, software, and infrastructure components used to manage and secure sensitive data in an organization's local environment. The on-premises scanner evaluates compliance status across multiple database types; for example, it can assess commonly used databases such as Oracle and Microsoft SQL Server (MSSQL).

  • Key Insight – External Key Source: A Hardware Security Module (HSM) or an External Key Management Service (KMS) is a secure, centralized facility for generating, storing, and managing encryption keys outside the native cloud or application environment, which isolates cryptographic operations from potentially vulnerable infrastructure. Using the external key source correlation capability of Fortanix Key Insight, you configure a list of application credentials (region, API key, and client certificate) for your Fortanix Data Security Manager (DSM) accounts, whether DSM is deployed as Software-as-a-Service (SaaS) or on-premises.

    With these credentials you establish cloud or on-premises connections in Fortanix Key Insight and, optionally, associate them with the corresponding DSM applications for correlation. When a scan runs, Fortanix Key Insight checks each discovered key to determine whether it originated in Fortanix DSM (SaaS or on-premises), giving you visibility into key provenance and strengthening key lifecycle governance.

  • PQC Ready: Keys, services, or resources flagged PQC Ready rely on cryptography that is not expected to be broken by a large-scale quantum computer and are treated as compliant with a post-quantum secure posture.

  • PQC Vulnerable: Keys, services, or resources flagged PQC Vulnerable depend on cryptography that a large-scale quantum computer is expected to break; the classic case is public-key cryptography such as RSA and elliptic-curve keys, which Shor's algorithm defeats. They pose a future security risk (data protected with them today can be recovered later by a harvest-now, decrypt-later adversary), and Fortanix Key Insight may flag them for remediation or migration planning in preparation for a quantum-resistant architecture.

3.0 Fortanix Key Insight Features

Fortanix Key Insight has the following features:

  • Discover and visualize your keys and data services: Provides a central view of the location and status of all keys and data services across on-premises, hybrid multi-cloud, and HSM or external KMS environments, including the mapping between them and their lifecycle state.

  • Key scanning for on-premises, hybrid multi-cloud, and external key source: Scans the key management systems across all accounts, whether major on-premises databases, CSPs such as AWS and Azure, or external KMS such as Fortanix DSM (SaaS and on-premises), to identify cryptographic keys and the services that use them.

  • Reporting and alerting: Generates reports and alerts on non-compliant keys and data assets, plus a report that identifies each encrypted service and the encryption key it uses.

  • Unified dashboard with drill-down capabilities: Provides a dashboard view of cryptographic keys and service compliance status across multiple clouds, on-premises, and external KMS environments.

  • Download report: Allows users to download a report of the keys and services.

  • Automatic data collection: Collects otherwise siloed information about all keys and data services belonging to the organization or to individual accounts.

  • Data-driven heatmaps: Highlight the biggest data security risks so you can prioritize the recommended next steps.

  • Quantum key detection: Identifies keys that lack quantum resilience, that is, the PQC Vulnerable keys defined above.

  • Cryptographic security score: Summarizes your overall cryptographic security status in one indicative score.

  • Service key relationship: Identifies at-risk services with a key-service relationship diagram.

  • Federated authentication: Lets Fortanix Key Insight access user accounts without being handed long-lived credentials, which many organizations cannot provide under their security and compliance constraints. Beyond satisfying those constraints, it lets users manage access across multiple services centrally, with granular control over permissions and without repeating the configuration for each service.

  • Export scanned data: Allows users to export all the scanned key and service-related data into comma-separated values (CSV) format. It supports cloud, federated authentication, external key sources, and on-premises connections. The export options offer flexibility, enabling users to download data for detailed analysis, audits, or reporting while also providing real-time status tracking through the Activities tab on Fortanix Key Insight.

  • Policy center: Enables users to automatically retrieve the crypto policies configured in Fortanix DSM and apply them to scans and assessments, ensuring that Fortanix Key Insight remains aligned with any updates in Fortanix DSM.

  • Post-Quantum Cryptography (PQC) Central: A centralized entry point in the Fortanix Key Insight left navigation that gives a unified, visual overview of PQC-related key management information. It serves as a launchpad for monitoring and analyzing PQC data, consolidating cloud, on-premises, and external KMS/HSM keys, services, and resources into a single, easy-to-navigate interface. The dashboard uses a structured, graph-based layout to simplify visualization of the key data points, with drill-down capabilities for deeper insight.
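As an added illustration of what the assessment, PQC classification, key-service relationship, heatmap, and security score features above compute over a scan result, the following Python script runs a toy policy over a constructed inventory. This is demo code, not Fortanix's own logic or API: the 365-day rotation threshold, the PQC classification table, the rule that correlates a cloud key with an external key source by its public-key fingerprint, and the scoring formula are all assumptions, and the sample keys and services are constructed, not real scan output.

```python
# Added illustration (not Fortanix code): a toy assessment over a constructed
# key/service inventory of the kind a scan produces. The rotation threshold,
# the PQC classification table, the provenance rule (matching on public-key
# fingerprint) and the scoring formula are all assumptions made for the demo.
from collections import Counter
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Key:
    key_id: str                  # unique key ID as reported by the scan
    algorithm: str               # key spec string, e.g. "RSA_2048"
    created: date
    enabled: bool = True
    pub_fingerprint: Optional[str] = None  # SHA-256 of the public key (asymmetric only)


@dataclass(frozen=True)
class Service:
    name: str
    key_id: Optional[str]        # None: no customer-managed key protects this service


# Assumed classification: factoring/discrete-log schemes fall to Shor's algorithm;
# symmetric, MAC and NIST post-quantum algorithms are treated as quantum-resilient.
PQC_VULNERABLE = ("RSA", "ECC", "ECDSA", "ECDH", "ED25519", "X25519")
PQC_READY = ("AES", "SYMMETRIC", "HMAC", "ML-KEM", "ML-DSA", "SLH-DSA")
MAX_KEY_AGE_DAYS = 365           # assumed rotation policy


def pqc_status(algorithm: str) -> str:
    alg = algorithm.upper()
    if alg.startswith(PQC_VULNERABLE):
        return "PQC Vulnerable"
    if alg.startswith(PQC_READY):
        return "PQC Ready"
    return "Unknown"


def assess_keys(keys: List[Key], today: date) -> Dict[str, List[str]]:
    """Policy violations per key; an empty list means the key is compliant."""
    findings: Dict[str, List[str]] = {}
    for k in keys:
        violations = []
        if (today - k.created).days > MAX_KEY_AGE_DAYS:
            violations.append("rotation overdue")
        if not k.enabled:
            violations.append("key disabled")
        if pqc_status(k.algorithm) == "PQC Vulnerable":
            violations.append("PQC vulnerable")
        findings[k.key_id] = violations
    return findings


def key_provenance(keys: List[Key], external: Dict[str, str]) -> Dict[str, str]:
    """Correlate cloud keys with an external key source by public-key fingerprint.
    Symmetric keys have no public part, so this demo cannot correlate them."""
    origin = {}
    for k in keys:
        origin[k.key_id] = external.get(k.pub_fingerprint, "cloud-native") if k.pub_fingerprint else "cloud-native"
    return origin


def map_services(services: List[Service], findings: Dict[str, List[str]]) -> Dict[str, List[str]]:
    """Key-service relationship: which services sit on a non-compliant key, and why."""
    at_risk: Dict[str, List[str]] = {}
    for s in services:
        if s.key_id is None:
            at_risk[s.name] = ["no customer-managed key"]
        elif s.key_id not in findings:
            at_risk[s.name] = ["references unknown key " + s.key_id]
        elif findings[s.key_id]:
            at_risk[s.name] = findings[s.key_id]
    return at_risk


def security_score(findings: Dict[str, List[str]], at_risk: Dict[str, List[str]], n_services: int) -> int:
    """Assumed score 0-100: mean of the compliant-key share and the safe-service share."""
    n_keys = len(findings)
    compliant = sum(1 for v in findings.values() if not v)
    safe = n_services - len(at_risk)
    return 100 * (compliant * n_services + safe * n_keys) // (2 * n_keys * n_services)


# Constructed sample inventory (not real scan output).
KEYS = [
    Key("k-rsa", "RSA_2048", date(2025, 1, 10), pub_fingerprint="ab12"),
    Key("k-aes", "SYMMETRIC_DEFAULT", date(2025, 3, 1)),
    Key("k-old", "AES_256", date(2022, 6, 1)),
    Key("k-ecc", "ECC_NIST_P256", date(2025, 2, 1), enabled=False),
]
SERVICES = [
    Service("prod-db", "k-aes"),
    Service("archive-bucket", "k-old"),
    Service("tls-signer", "k-rsa"),
    Service("scratch-volume", None),
    Service("legacy-fs", "k-ecc"),
]
# Fingerprints reported by the external key source scan (constructed).
EXTERNAL_KEYS = {"ab12": "Fortanix DSM (SaaS)"}


def run_assessment(today: date = date(2025, 6, 1)) -> dict:
    findings = assess_keys(KEYS, today)
    at_risk = map_services(SERVICES, findings)
    heatmap = Counter(reason for reasons in at_risk.values() for reason in reasons)
    return {
        "key_findings": findings,
        "provenance": key_provenance(KEYS, EXTERNAL_KEYS),
        "service_risk": at_risk,
        "heatmap": heatmap,
        "score": security_score(findings, at_risk, len(SERVICES)),
    }


if __name__ == "__main__":
    for section, value in run_assessment().items():
        print(f"{section}: {dict(value) if isinstance(value, Counter) else value}")
```

The service-level view is the part worth copying: a key finding on its own says little, but joining it to the services that reference the key (as `map_services` does) turns "k-old is overdue for rotation" into "archive-bucket is protected by a stale key", which is what the heatmap and the score are built from. Note the provenance rule only works for asymmetric keys; a symmetric key imported from an external KMS has no public part to fingerprint, so a real correlation needs some other handle such as the identifier recorded when the material was imported.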