Cloud security vendor Fortanix has updated its Data Security Manager to incorporate support for Amazon Web Services' (AWS) external encryption key store system, adding another major public cloud vendor to the list of those supported for the company’s key management system.
Fortanix, which already supports this type of cloud key management system in Azure and Google Cloud, is trying to solve one of the major security and regulatory problems posed by multi-cloud environments.
Every public cloud provider has its own management service for digital keys, which generally don’t integrate with services provided by other vendors. That’s a serious headache for companies whose IT departments use products hosted in different clouds.
Using Fortanix’s system, however, users can segregate keys from operational workloads being run in AWS, which solves regulatory problems posed by GDPR and other data protection requirements, as well as offering an additional buffer of security between a workload — which could be compromised — and the security keys needed to access related data.
“By using Fortanix DSM as a centralised, external key store, customers maintain full custody of their keys with complete control over the data encryption policies on AWS or other cloud providers,” the company explained in a statement. “This control includes defining where the keys reside, access, and policy control.”
Key management and multi-cloud security is messy, according to Gartner senior director analyst Brian Lowans. It’s a mixed world, in terms of what different cloud and security vendors need to provide in order to offer reasonable security, which sometimes doesn’t always match up with what they actually do offer.
“The detail gets messier as you go into it,” he said. “The approach by the cloud service providers like AWS so far is that they’ve been very helpful in creating their own key management service, so they have leveraged a particular hardware security module and use that to create the key management service that’s then offered to customers.”
What Fortanix has done, however, offers an independent, integrated option for the multi-cloud users of the world, letting them leverage their own technology to provide key management as a service.
“That means they can help customers [utilise] key management systems in their own network … as well as help customers deliver and use [key management systems] across a variety of cloud service providers,” said Lowans.