Alibaba Cloud Customers Benefit from Runtime Encryption and Intel® SGX-Enabled Key Management for Unmatched Comprehensive Protection of Sensitive Cloud Data
Fortanix® Inc., the leader in Runtime Encryption®, today announced its partnership with Alibaba Cloud, the cloud computing arm of Alibaba Group, to integrate its Self-Defending Key Management Service™ (SDKMS) with the Alibaba Cloud platform, introducing new levels of security and privacy with Runtime Encryption key management in the cloud.
Alibaba Cloud is among the world’s top three IaaS providers according to Gartner and the largest provider of public cloud services in China according to IDC. It launched commercial Intel® Software Guard Extensions (Intel® SGX)-powered cloud servers as Elastic Compute Service (ECS) bare metal instances in April. Working with Fortanix, customers can now keep their most precious applications secure with new levels of security and privacy for encryption keys in the cloud. This new partnership enables secure cloud adoption for even the most sensitive workloads by allowing prospects to securely adopt the cloud with unmatched privacy for their encryption keys offered by Fortanix SDKMS.
“Fortanix is one of the leaders in Intel SGX technology and their Runtime Encryption can bring applications that were previously constrained due to security issues to the cloud,” said Xiaoning Li, Chief Security Architect of Alibaba Cloud. “Fortanix Self-Defending Key Management Service allows customers to encrypt all their data in Alibaba Cloud, while keeping the keys protected from Fortanix and Alibaba Cloud. We are glad to partner with Fortanix to provide a cutting-edge cloud security options to our users.”
Alibaba Cloud provides a comprehensive suite of cloud computing services to businesses worldwide, including merchants doing business on Alibaba Group marketplaces, start-ups, corporations and government organizations. Security is always Alibaba Cloud’s top priority, and with Runtime Encryption Alibaba Cloud now allows customers to have another option to run their most sensitive applications while keeping the applications and data protected.
“Fortanix is delighted to partner with Alibaba Cloud,” said Anand Kashyap, co-founder and CTO of Fortanix. “Multiple customers have asked us about best practices for securing their sensitive digital assets while operating overseas. Intel SGX offers an incredible level of security by removing the cloud provider and infrastructure entirely from the trust boundary. This partnership follows our strategy of ensuring Fortanix Runtime Encryption technology and Intel SGX are available in more clouds and in more regions.”
This partnership enhances SDKMS consumption options and marks an important milestone for Fortanix in making SDKMS accessible to customers of large public cloud. SDKMS can now be consumed in three ways: As an appliance, through SaaS, and now through IaaS with software running on cloud servers with Intel SGX. SDKMS enables a broad set of use cases for data security in the cloud, including protection for signing, virtualization, database, blockchain, data analytics, and more.
SDKMS is deployed on Alibaba Cloud using the following three steps:
- Customers order ECS Bare Metal instance with Intel SGX running Ubuntu 16.04 Linux on Alibaba Cloud. These servers are currently available in several regions in Alibaba Cloud in China. For high availability, Fortanix recommends a minimum of three servers.
- Customers then buy an SDKMS software subscription from Fortanix and get an installer package. The installer needs to be run on all servers to create a single SDKMS cluster.
- Customers can also have a complete deployment by issuing the certificates for the certificate signing requests generated in the previous steps.
Self-Defending Key Management Service™ (SDKMS) is the world’s first commercial solution built using Intel SGX, delivering Runtime Encryption technology to protect keys, applications and data during use. SDKMS offers key management, HSM, and tokenization as a service – all rolled into one product with infinite scalability for number of keys and number of operations. It has support for both legacy and new applications with PKCS#11, KMIP, JCE, MS-CAPI, MS-CNG, and REST interfaces. Customers use SDKMS to encrypt their databases (Oracle, Microsoft SQL server, MongoDB, etc.), run their certificate authority, manage their cloud secrets, and encrypt their VMware vSAN clusters. SDKMS is a FIPS 140-2 validated solution that can meet various compliance requirements, such as GDPR and PCI.
Fortanix delivers provable deterministic security to organizations by offering the industry’s only Runtime Encryption. It has been selected by leading partners, including to power Equinix SmartKey™ HSM-as-a-service and by IBM Cloud. While today’s encryption technologies protect only data at rest and data in motion, Runtime Encryption keeps keys, data and applications completely protected while in use from external and internal threats, including insiders, cloud providers, government subpoena, OS-level attacks, and network intruders. Fortanix is venture backed and headquartered in Mountain View, Calif. For more information, see https://fortanix.com/.