Fortanix Data Security Manager
A solution for secure management and storage of cryptographic keys across diverse environments.
Category | Data Security & Encryption |
---|---|
Last page update | 19 days ago |
Pricing Details | Contact for pricing details. |
Target Audience | Organizations requiring secure key management across cloud and on-premises environments. |
The core security challenge addressed by Fortanix Data Security Manager (DSM) is the secure management and storage of cryptographic keys across diverse environments, including public cloud, on-premises, and hybrid infrastructures. DSM addresses it with a technical architecture that uses Intel® Software Guard Extensions (Intel® SGX) to create secure enclaves, protecting keys and data from threat vectors such as malware, operating system vulnerabilities, and even malicious insiders or service providers.
Fortanix DSM employs a software-based approach that offers HSM-grade security without the need for physical hardware security modules. It supports multiple interfaces, including REST APIs, PKCS#11, KMIP, JCE, Microsoft CAPI, and Microsoft CNG, making it compatible with a wide range of applications and infrastructure.
The system is designed for high availability and scalability, with built-in redundancy and disaster recovery mechanisms. It uses a distributed encrypted storage system with Cassandra, incorporating Paxos and Raft protocols to ensure data integrity and prevent loss or corruption. The architecture also includes automated load balancing, fault tolerance, and multi-geo deployment capabilities, ensuring low latency and high performance even in multi-cloud environments.
Operationally, the service requires minimal specialized expertise, as the SaaS-based model is designed for easy integration and management. The service operates from multiple data centers globally, providing a 99.95% SLA and supporting millions of keys per customer. The use of Intel® SGX may introduce some performance overhead, though it is generally negligible. Additionally, the centralized tamper-proof logging and enterprise-level access controls ensure compliance with stringent security standards, including FIPS 140-2 Level 3 certification.