Fortanix came out of stealth mode to deliver Runtime Encryption solutions this summer. What exactly is Runtime Encryption?
AK: Wouldn’t it be amazing if there were a way to guarantee security for sensitive workloads? Our mission at Fortanix is to deliver solutions that provide deterministic security regardless of the types of attacks.
To answer your question, just like encryption secures data at rest (such as full-drive encryption) and data in motion (such as SSL, padlocks in internet browsers), Runtime Encryption is a class of security solutions that keeps data encrypted during use. It offers a cryptographic certainty that data remains protected even when the infrastructure is compromised or untrusted.
With Runtime Encryption, for the first time ever, organizations have a solution that protects their most valuable assets from attackers who may have broken into the network, have root passwords and physical access, and have all the time in the world to mount the attack.
Can you briefly describe to me your secret sauce, and why is it important in cloud environments?
AK: Fortanix has been collaborating with Intel on Fortanix’s Runtime Encryption technology that utilizes Intel SGX. The Fortanix technology creates a portable security envelop that runs signed applications in completely protected states. We keep apps and data completely protected while in use from external and internal threats, OS-level hacks and network intruders. Fortanix Runtime Encryption technology delivers unprecedented levels of protection with the performance guarantees required by modern cloud applications.
Nowhere else is Runtime Encryption more critical than in cloud computing. During the formative years of the Internet, SSL and then later TLS helped created secure communication on an untrusted network. Similarly, we believe Runtime Encryption will fundamentally help establish trust in cloud computing. Encryption needs be performed everywhere: data at rest, data in motion, and also in runtime or data in use.
Aren’t there current solutions addressing runtime vulnerability issues? What makes your offering different?
AK: Most security tools offer isolation, detection or post-breach remediation to help organizations protect their data either on-premises or in cloud. However, these solutions are based on probabilistic models and are not foolproof in addressing runtime vulnerability. Fortanix is the first and only company to offer deterministic security.
With Runtime Encryption customers know that no matter what happens, their data remains cryptographically protected. No amount of zero-day compromises, operating system level hacks, infrastructure compromise, and even government subpoena can compromise the data. Runtime Encryption uses hardware foundation to provide deterministic security needed for most sensitive applications at the performance demanded by modern Internet-scale applications.
You recently announced some enhancements to your Self Defending Key Management Service (SDKMS) that leverages Runtime Encryption. Can you provide us with a brief overview of the new capabilities in SDKMS?
AK: Yes, we recently announced that our Self-Defending Key Management Service extends runtime encryption protection beyond cryptographic keys and private data with the industry’s first Runtime Encryption Plugin to secure sensitive application code. The new Fortanix Plugin allows customers to run sensitive business logic inside a trusted environment. The Plugin is developed in standard programming languages and is deployed in minutes without needing additional licenses, complex toolkits, or professional services. Customers or developers can customize the application code and processing of keys for their business requirements using scripting or high-level languages, and execute that business logic in the secure and trusted environment that Fortanix provides.
The protection delivered by the Plugin is necessary for implementation of custom cryptographic keys, and for runtime in uncontrolled environments such as outsourced manufacturing. The Runtime Encryption Plugin framework is designed for ease of use and deployment. Application developers can create a Plugin using scripting or high-level languages, while administrators can centrally upload, deploy, and manage the Plugin.
Can you tell me about your work with Equinix I keep hearing about?
AK: Recently Equinix and Fortanix unveiled our joint collaboration to launch the Equinix SmartKey™ public beta program, the industry’s first Hardware Security Module (HSM)-as-a-Service. Fortanix collaborated with Equinix to develop a multi-site, multi-tenant, horizontally scalable service. We offer organizations a cloud-independent, key management and cryptography service hosted on Platform Equinix™, Equinix’s global interconnection and data center platform. Customers benefit from strong SLAs backed by the world-class infrastructure and connectivity from Equinix.
SmartKey supports enterprise-wide keys and policies with synchronization capabilities that break not just traditional enterprise silos but work seamlessly across hybrid and multi-cloud environments. Organizations can use the SmartKey service to secure sensitive cloud and legacy applications, including digital payments, PKI systems, IOT applications, manufacturing, and remote TLS terminations.
What are the challenges customers face when protecting data and keys in cloud environments?
AK: Organizations are increasingly using hybrid or multi-cloud for their IT business needs. While encryption is an effective control to protect data stored in cloud environments, lack of uniform key management policies can lead to significant complexity and integration challenges. The Fortanix solution supports enterprise-wide keys and policies with synchronization capabilities that break not just enterprise silos but work seamlessly across hybrid and multi-cloud environments. Organizations can use any cloud that works best for them.
Bring Your Own Key (BYOK) and separation of keys and data are critical to give control to organizations, but they often find themselves in a trade-off against the technical complexity of implementing BYOK. Fortanix’s SDKMS solution offers the ease of use and flexibility of modern-era software for BYOK. No longer are customers forced to compromise between security and simplicity. Fortanix SDKMS offers Hardware Security Module (HSM) capabilities with software-like flexibility and a globally scalable architecture for modern cloud applications.
GDPR compliance is top of mind for many organizations. How does your offering help with this?
AK: GDPR is a legal framework for achieving common-sense privacy and security measures. The measures include processing data securely, controlling who has access to your data, revoking access when there is no business need, and customers’ right to privacy amongst others. While these measures are all straightforward and much needed, organizations find themselves against a tight schedule to implement GDPR before the upcoming May 2018 deadline. GDPR requires organizations to identify, classify, and access control their data assets. This requires collaboration between business leaders, legal and operations.
Fortanix SDKMS can help organizations implement encryption and govern access control. Organizations can encrypt their data and grant relevant keys to users. The key grants can be temporary, on-need basis, and revocable. SDKMS can facilitate these controls for organizations with on-premise, hybrid cloud and multi-cloud environments. SDKMS helps organizations meet data access regulations as well as improve their security posture.
What can we expect to see from Fortanix in the future?
AK: Our goal over next year is to inform organizations about new choices, new possibilities, and a new world where it’s possible to have protection from data breaches, where there is a cryptographic certainty that your data cannot be misused. With Runtime Encryption, organizations have this certainty.
We’re also focusing on establishing technology partnerships to bring new innovative Runtime Encryption solutions to the market and extend the reach of our solutions.
It’s been great chatting with you. Anything else you would like to share?
AK: Organizations are continuously assessing the delicate balance of risk and benefits of cloud computing, especially when it comes to sensitive workloads. Runtime Encryption can tip this balance firmly in favor of secure adoption of cloud services. This can unleash a new wave of innovation and collaboration across many industries for services, workloads and data previously constrained.