Fortanix debuts commercially available runtime encryption using Intel SGX to protect sensitive data during runtime



Fortanix Inc. announced on Thursday its first commercially available Runtime Encryption solution, which uses Intel Software Guard Extensions (SGX) to protect private data even during runtime.

Now organizations can leverage a Runtime Encryption environment where they can run their most sensitive applications with complete and deterministic privacy, as data remains encrypted and completely protected from cloud providers, system administrators, insiders, government subpoena, and network hackers.

In conjunction with this first Intel SGX-enabled production software, Fortanix has also launched the Runtime Encryption Slack Channel, available online. The channel is a growing community of professionals who connect to discuss Intel SGX and Runtime Encryption.

The SGX-enabled production software, Fortanix’ Self-Defending Key Management Service (SDKMS), is a cloud service that delivers Runtime Encryption technology to protect applications and data during use. Runtime Encryption allows general-purpose computation on encrypted data without exposing sensitive data to untrusted operating systems, root users, cloud providers, or malicious insiders.

Fortanix’ SDKMS offers hardware security module (HSM)-grade security with software flexibility. It delivers a FIPS 140-2 level-3 cloud service that offers centralized management, tamperproof logs, and RESTful APIs. Built for today’s cloud applications, SDKMS provides a multi-site, multi-tenant scalable solution available in various forms including a hardened appliance from Fortanix with transparent pricing; a cloud service; and software that runs on commodity x86 servers.

Secured with Intel® SGX, Fortanix’ SDKMS is the world’s first and only key management solution that is secure from cloud providers and government subpoena; that is cloud agnostic, built to scale, and provides software flexibility with hardware security module (HSM) grade security. SDKMS offers central management, tamper-proof logging, rich access control, and massive scalability. Organizations use SDKMS to secure their sensitive cloud and traditional applications, including digital payments, PKI systems, IoT applications, silicon manufacturing, and remote TLS terminations – all while drastically reducing integration complexities and expenses.

“The Runtime Encryption Slack Channel is an excellent communication and support channel for users and developers with Intel SGX questions and discussion topics,” said Manish Mehta, Senior Security Engineer at Netflix. “This virtual meeting place is the beginning of an ecosystem of SGX practitioners looking to either implement SGX or build a solution utilizing SGX.”

Fortanix also demonstrated sensitive applications running securely with Intel SGX. Its Runtime Encryption supports many applications including OpenStack Barbican, OpenDJ, MySQL, PostgreSQL, and any application written in Python, C, C++, or Rust.

Traditional security methods fail to protect private data from new and evolving threats – including insiders, complex network topologies, privileged users, OS-level hacks, network intruders, and sophisticated malware. Just like encryption protects data at rest and data in motion, Fortanix’ Runtime Encryption keeps keys, data, and applications completely protected from external and internal threats. Runtime Encryption allows customers to run their most sensitive applications in public clouds, edge servers and untrusted geographies securely.

“Fortanix has made available a Key Management Service that’s so secure even cloud providers and root users cannot hack into it, and it cannot be penetrated even with a government subpoena,” said Ambuj Kumar, Fortanix CEO and co-founder. “When Intel introduced the Intel SGX technology two years ago, it marked the beginning of an era where the last frontier of unprotected data began to be addressed – the era of securing data-in-use. Fortanix Runtime Encryption offers cryptographic protection of fully homomorphic encryption with no performance impact, and we are pleased to be the first company to make the solution available for organizations to use in production environments.”

WWPI – Covering the best in IT since 1980