The biggest and strongest of doors can be opened by the smallest of keys — encryption keys included.
In other words: No matter how fortified and secure an organization is, it can be compromised by undue access to keys, said Shashi Kiran, CMO of Fortanix.
“Key management is therefore non-trivial,” he said.
If a bad actor gets hold of those keys, organizations holding sensitive data risk data breaches and ransomware, and can also run afoul of regulators that levy hefty penalties.
But, “all this can be gracefully avoided by decoupling data storage from key storage and focusing on the key management lifecycle,” said Kiran.
To give AWS customers that ability, Fortanix today announced that its Fortanix Data Security Manager (DSM) is now integrated with the AWS KMS External Key Store (XKS). This lets organizations that handle regulated data run workloads on AWS while keeping their encryption keys separate from the data stored on the platform, said Kiran.
“The key to the crown jewels will be inherently more secure,” he said.
Confidential computing: A sophisticated level of security
Today, 81% of organizations are using multicloud infrastructures (or plan to do so soon). But this brings with it increased security risks: 45% of breaches occur in the cloud, and the average cost of a data breach is at an all-time high of $4.35 million.
This has fueled the expansion of the key management software market. In it, top players include Oracle Cloud Infrastructure Vault, Azure Key Vault, AWS Key Management Service, Egnyte and HashiCorp Vault. The market is expected to grow to $4.87 billion by 2028, representing a compound annual growth rate (CAGR) of nearly 29% from 2021.
And, the general confidential computing market — which Fortanix calls itself a pioneer of — is projected to grow at a whopping CAGR of 90% to 95%, reaching $54 billion in 2026.
The still-emerging technique of confidential computing protects data “in use” by performing the computation inside a hardware-based trusted execution environment (TEE). This makes it possible to keep data secure even when attackers gain physical access to the servers and/or hold root passwords, said Kiran.
He called it “such a sophisticated level of security,” one that opens up many new use cases and helps derive much more value from data. It underpins several data security use cases and is becoming increasingly strategic in the industry, with cloud providers, ISVs and chip vendors supporting it.
“Confidential computing is a way to decouple security from your infrastructure,” said Kiran. “Even if your infrastructure is compromised, your data remains secure.”
Avoiding security and compliance risk
As Kiran noted, there are advanced cryptographic technologies and many controls in use, based on standards bodies such as the National Institute of Standards and Technology (NIST). Regulatory agencies are also requiring stringent, geography-dependent data privacy compliance under GDPR, Schrems II and the California Consumer Privacy Act (CCPA).
While encryption can be highly effective at securing data, and public cloud providers like AWS have been doing it successfully, several compliance requirements warrant a key store or key management entity that sits outside the cloud provider, said Kiran.
A centralized, external key store allows users to maintain full custody of their keys. And, “this control includes defining where the keys reside, access and policy control,” said Kiran.
This functionality allows enterprises to move sensitive workloads to the cloud while fully satisfying their regulatory and compliance requirements.
“The status quo would be that the cloud provider does both,” said Kiran. “While technically feasible, this is increasingly viewed as a security and compliance risk that most CISOs and GRC leaders would do well to avoid.”
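The property the last few paragraphs describe, as an added example that is not code from the article, from Fortanix or from AWS: a Go model in which the cloud side stores only ciphertext plus a wrapped data key, while the key-encryption keys (KEKs) live in a separate, customer-controlled store that exposes only wrap and unwrap. The `ExternalKeyStore`, `Revoke`, `Wrap`/`Unwrap` and `Record` names are hypothetical stand-ins chosen for this illustration, the sample record is constructed, and the real AWS XKS integration talks to the external key manager through an XKS proxy with its own protocol; only the custody and revocation behaviour is being demonstrated here.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// randBytes returns n bytes from the OS CSPRNG; a failure here is fatal, not recoverable.
func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// gcmFor returns AES-256-GCM for a 32-byte key; every key in this model is generated at that size.
func gcmFor(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // only for a wrong key length, which this model never produces
	}
	gcm, _ := cipher.NewGCM(block) // cannot fail for an AES block
	return gcm
}

// seal prepends a fresh nonce; unseal splits it off and authenticates before returning plaintext.
func seal(key, plaintext, aad []byte) []byte {
	gcm := gcmFor(key)
	nonce := randBytes(gcm.NonceSize())
	return gcm.Seal(nonce, nonce, plaintext, aad)
}

func unseal(key, sealed, aad []byte) ([]byte, error) {
	gcm := gcmFor(key)
	n := gcm.NonceSize()
	if len(sealed) < n {
		return nil, fmt.Errorf("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:n], sealed[n:], aad)
}

// ExternalKeyStore is a hypothetical stand-in for the customer-controlled key manager.
// KEKs are generated here and never returned; the cloud side only gets Wrap and Unwrap.
type ExternalKeyStore struct{ keks map[string][]byte }

func NewExternalKeyStore() *ExternalKeyStore { return &ExternalKeyStore{keks: map[string][]byte{}} }

func (s *ExternalKeyStore) CreateKEK(id string) { s.keks[id] = randBytes(32) }

// Revoke is the customer's policy lever: deleting the KEK makes every data key
// wrapped under it unrecoverable, so ciphertext still sitting in the cloud goes dark.
func (s *ExternalKeyStore) Revoke(id string) { delete(s.keks, id) }

func (s *ExternalKeyStore) Wrap(id string, dek []byte) ([]byte, error) {
	kek, ok := s.keks[id]
	if !ok {
		return nil, fmt.Errorf("key %q not available", id)
	}
	return seal(kek, dek, []byte(id)), nil // key ID bound as AAD so a wrapped DEK cannot be re-pointed
}

func (s *ExternalKeyStore) Unwrap(id string, wrapped []byte) ([]byte, error) {
	kek, ok := s.keks[id]
	if !ok {
		return nil, fmt.Errorf("key %q not available", id)
	}
	return unseal(kek, wrapped, []byte(id))
}

// Record is everything the cloud side persists: ciphertext plus the wrapped DEK, never a plaintext key.
type Record struct {
	KeyID      string
	WrappedDEK []byte
	Ciphertext []byte
}

// Encrypt generates a per-object data key, uses it once, and keeps only its wrapped form.
func Encrypt(eks *ExternalKeyStore, keyID string, plaintext []byte) (*Record, error) {
	dek := randBytes(32)
	wrapped, err := eks.Wrap(keyID, dek)
	if err != nil {
		return nil, err
	}
	return &Record{KeyID: keyID, WrappedDEK: wrapped, Ciphertext: seal(dek, plaintext, nil)}, nil
}

// Decrypt succeeds only while the external store is still willing to unwrap the data key.
func Decrypt(eks *ExternalKeyStore, r *Record) ([]byte, error) {
	dek, err := eks.Unwrap(r.KeyID, r.WrappedDEK)
	if err != nil {
		return nil, err
	}
	return unseal(dek, r.Ciphertext, nil)
}
```

Two details carry the security argument. The plaintext data key exists only inside `Encrypt` and `Decrypt` and is never persisted, so a copy of the cloud-side `Record` on its own is useless. And because the store binds the key ID into the wrap as associated data, a wrapped DEK cannot be moved under another KEK; once the customer calls `Revoke`, every object encrypted under that key becomes unreadable without the cloud provider having to do anything.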
Granular access control
The Fortanix DSM integration with AWS External Key Store is built on Fortanix’s existing software-as-a-service (SaaS) offering. In addition to giving organizations full control of their encryption keys, it allows them to enforce granular access control across hybrid multicloud infrastructures and to simplify workflows and audits with centralized key management.
As Kiran put it, the addressable market for the joint tool is “growing considerably.” Fortanix has seen several deployments with Google, and with AWS now committing to it, “we have no doubt that enterprise customers globally will benefit.”