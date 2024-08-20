Fortanix has added File System Encryption to its Data Security Manager (DSM) product.

DSM is part of Fortanix Armor, a platform for consolidated data security services built on Confidential Computing, securing data while it is being processed, using hardware-based Trusted Execution Environments (TEEs) like Intel SGX (Software Guard Extensions). Its Runtime Encryption extends TEE protection by ensuring data and applications are secure even when they are actively being used in memory. Fortanix also offers a self-defending key management service to manage encryption keys, secrets, tokens, and certificates securely across different environments.

Fortanix unified data security platform graphic

DSM is a secure facility in that it secures sensitive data across public, hybrid, multi-clouds and private clouds. It has a Cohesity integration, in which Cohesity encrypts its backup data while Fortanix manages the keys, creating a separation of duties. Fortanix’s DSM has also been integrated with Cloudian’s HyperStore (v75.1). DSM received added Confidential Data Search in June last year, which provides scalable searches in encrypted databases with sensitive data, without compromising data security or privacy regulations. Or so the pitch goes. Fortanix also has a partnership with Snowflake to make DSM SaaS available to Snowflake customers.

Fortanix DSM screenshot

Anuj Jaiswal

Anuj Jaiswal, Fortanix VP of products, stated: “As data security becomes increasingly complex, offering organizations the ability to manage encryption across all levels through a unified platform creates huge value. The addition of Fortanix File System Encryption to our already robust Data Security Manager offering gives enterprises a one-stop shop for all of their encryption and data security needs.”

Fortanix File System Encryption (FSE) operates at the OS layer rather than the kernel layer, eliminating issues related to kernel dependencies. Enterprises can automate deployments using tools like Rundeck. FSE enables:

Levelling up of data security: Users can set up and manage agents to encrypt individual file systems mounted on host machines. They can scale agent deployments, DSM being a SaaS deployment, which are based on open policy agent specification.

Full control of access policies with granular policy-based decryption so only authorized users and processes can access plaintext data.

granular policy-based decryption so only authorized users and processes can access plaintext data. Efficiently manage encryption keys: Centralize lifecycle management of all encryption keys while storing them in natively integrated FIPS-140-2 Level 3 HSMs, available as SaaS or on-premises. Prevent involuntary or malicious key deletion with quorum approvals.

This latest DSM development means that Fortanix’s unified data security platform now supports encryption across all layers, including application, database, storage, and file system.