Security has commonly been considered one of the top barriers to cloud adoption. Enterprises, especially those operating with sensitive data, have been reluctant to adopt cloud. This reluctance is exacerbated when these enterprises go global and need to operate in multiple clouds, each with its own security characteristics. Fortanix® invented Runtime Encryption® precisely to solve this security challenge. Runtime Encryption allows customers to run their most sensitive applications on cloud and keep the applications and their data protected even when the cloud infrastructure is compromised and even when the underlying operating system is compromised.
Welcoming Alibaba Cloud to the Fortanix ecosystem
As Intel® SGX machines are still not fully available on all clouds, Fortanix has selectively partnered with strong cloud providers to bring Runtime Encryption to customers. The latest in our growing ecosystem is Alibaba Cloud. Alibaba Cloud recently enabled Intel® SGX in their cloud and invited Fortanix to offer our solution there. We are extremely happy to bring the security offered by Runtime Encryption to Alibaba Cloud because it would allow customers to secure their applications.
“Fortanix is one of the leaders in Intel® SGX technology and their Runtime Encryption can bring applications that were previously constrained due to security issues to cloud. Fortanix Self-Defending Key Management Service™ allows customers to encrypt all their data in Alibaba Cloud while keeping the keys protected from Fortanix and Alibaba Cloud. We are thrilled to have Fortanix as a partner to provide cutting-edge cloud security options to our users,” said Xiaoning Li, Chief Security Architect of Alibaba Cloud.
“Fortanix is delighted to partner with Alibaba Cloud. We have seen multiple customers reach out to us about the best practices of securing their sensitive digital assets while operating overseas. Intel® SGX offers an incredible level of security by removing the cloud provider and infrastructure entirely from the trust boundary. Alibaba Cloud launched commercial Intel® SGX cloud servers as ECS bare metal instances in April 2018. Thus, customers can use Fortanix software on Alibaba Cloud to keep their most precious applications secure,” said Anand Kashyap, co-founder and CTO of Fortanix.
What is SDKMS?
Self-Defending Key Management Service™ (SDKMS) is the world’s first commercial solution built using Intel® SGX. SDKMS offers key management, HSM, and tokenization as a service — all rolled into one product with infinite scalability for the number of keys as well as the number of operations. It supports both legacy and new applications through PKCS#11, KMIP, JCE, MS-CAPI, MS-CNG, and REST interfaces. Customers use SDKMS to encrypt their databases (Oracle, Microsoft SQL Server, MongoDB, etc.), run their certificate authority, manage their cloud secrets, and encrypt their VMware vSAN clusters.
SDKMS is a FIPS 140-2 validated solution that can meet various compliance requirements such as GDPR and PCI.
How can customers purchase and use SDKMS in Alibaba Cloud?
Now, customers can deploy SDKMS inside Alibaba Cloud and rest easy knowing all their keys and secrets are protected.
Please see Alibaba Cloud’s blog announcing the partnership.
Customers can run SDKMS on Alibaba Cloud by following these three steps:
- Order an ECS Bare Metal instance with Intel® SGX running Ubuntu 16.04 Linux on Alibaba Cloud. These servers are currently available in several regions in Alibaba Cloud in China. Fortanix recommends a minimum of 3 servers for high availability.
- Buy an SDKMS software subscription from Fortanix and get an installer package. The installer needs to be run on all servers to create a single SDKMS cluster.
- Complete the deployment by issuing the certificates for the certificate signing requests generated in the previous step.
About Fortanix
Fortanix is the world’s only company to provide security that cannot be compromised by hackers even when they have physical access and root credentials! This allows customers to operate the most sensitive applications without worrying about cloud compromise, blind government subpoenas, malware, and cross-VM attacks. Fortanix provides this deterministic security by encrypting application data everywhere — at rest, in motion, and in use with Runtime Encryption securely built upon Intel® SGX. Fortanix is a Gartner Cool Vendor and was also runner-up in the RSA Innovation Sandbox among 500+ security companies, where judges called it the “holy grail of security”. Fortanix has more than ten patents pending for its innovation.
About Alibaba Cloud
Established in 2009, Alibaba Cloud, the cloud computing arm of Alibaba Group, is among the world’s top three IaaS providers according to Gartner, and the largest provider of public cloud services in China according to IDC. Alibaba Cloud provides a comprehensive suite of cloud computing services to businesses worldwide, including merchants doing business on Alibaba Group marketplaces, start-ups, corporations and government organizations. Alibaba Cloud is the official Cloud Services Partner of the International Olympic Committee.
Posted by Ambuj Kumar and Anand Kashyap, Fortanix