Fortanix is a consistent innovator in runtime encryption. They have recently concluded a collaboration with the Google Cloud Platform (GCP) that delivers an External Key Management System (EKMS) for the public cloud. The resulting solution enables businesses to migrate sensitive, private data to a public cloud environment without requiring them to give up control of their encryption keys.
The resulting solution enables businesses to migrate sensitive, private data to a public cloud environment without requiring them to give up control of their encryption keys.
To understand why this is an exciting development, consider the previous status quo: It has been possible for several years to perform runtime encryption in the public cloud. However, until now, this required letting the cloud service provider store the keys. The practice was known as bring your own keys (BYOK). Many companies understandably did not feel comfortable with this arrangement.
GCP is the first public cloud provider to enable customers to bring their own key management system, known as (BYOKMS). The Fortanix/GCP BYOKMS uses an API to create interoperability between The Google External Key Management Service and the Fortanix Self-Defending Key Management Service™ (SDKMS). The GCP user can take advantage of runtime encryption while keeping his or her keys away from GCP—and in an environment of their choosing.
When customers control their own keys, they can move applications that had been bound by compliance requirements to the public cloud. PCI DSS is one example of a compliance regimen that would have prohibited BYOK. Companies can migrate classes of sensitive data and applications to the cloud while remaining compliant with data privacy rules and security policies.
According to Il-Sung Lee, Product Manager at Google Cloud, “We give enterprises a broad range of encryption options to appropriately balance risk, control, security, and operational complexity when protecting cloud workloads.” He then added, “In collaboration with Fortanix, we’re bringing customers the next level of controls for their cloud environments with External Key Manager and making it easy to implement and support our customers’ governance and compliance processes.”
Faiyaz Shahpurwala, Fortanix’s Chief Product and Strategy Officer, noted, “As a cloud-native solution, Fortanix has the advantage of providing a unified encryption platform that includes key lifecycle management, hardware security module (HSM), tokenization and shares secrets in one system that services on-premises, hybrid cloud and public cloud. We commend Google for taking a leadership position by being the first public cloud provider to deliver this ground-breaking security functionality to the market.”