Security startup Fortanix’s star is on the rise. The Mountain View, California-based company emerged from stealth mode last June with $8 million in Series A funding. Since then, it’s partnered with data center giant Equinix, which uses Fortanix’s key management software to power its new security service. And it also teamed up with IBM on a cloud security service that protects data in use with Fortanix’s technology.
Plus, Gartner named the startup a “cool vendor,” and it’s garnered a handful of awards and accolades for its technology. Most recently, RSA named it a runner-up in the RSA Innovation Sandbox for “Most Innovative Startup” at last month’s RSA security conference.
The startup’s founders based the company on a simple premise, said Ketan Shah, VP of products at Fortanix. “Encryption has been the one tool that whenever it is used, it has negated data-breach risk,” he said. “It is used for data in transit and at rest. However, when the applications start to run, the data is essentially a sitting duck. It’s vulnerable to a variety of attacks.”
Encrypting Data In Use
Fortanix’s software addresses this security risk. It protects applications and data during computation.
Co-founder and CEO Ambuj Kumar previously worked at Cryptography Research. CTO Anand Kashyap, also a co-founder, spent several years in Symantec’s research labs division before moving to VMware and working in systems security.
The company’s first product, called Self-Defending Key Management Service (SDKMS), is a cloud-based service based on what Fortanix calls “runtime encryption” technology. It runs on Intel’s Software Guard Extensions (SGX) hardware and allows general-purpose computation on encrypted data. It provides both key management and hardware security module (HSM) capabilities via software, and it ensures untrusted operating systems, root users, and cloud providers don’t have access to the encrypted data.
The software runs in on-premises data centers and in any cloud that supports Intel SGX hardware.
Shah said that Fortanix chose Intel’s chipsets because they provide the strongest model for encrypting data in use — but didn’t rule out support for other vendors in the future.
“Looking at the maturity of the market, and the capabilities of Intel, we have bet on SGX and solutions built for SGX as the strongest force,” he said. “But our architecture is flexible and adaptable so depending on how the market adapts we can shift.”
IBM, Equinix Partnerships
Both Equinix and IBM seem to agree with Fortanix on this point. In December IBM began offering early access to the IBM Cloud Data Guard service that uses Fortanix’s Runtime Encryption platform. Equinix in March selected Fortanix’s SDKMS to power its new key management and hardware security module service — the data center company’s first foray into cloud security.
“Equinix is a partner and a customer,” Shah said, adding that the company has about a dozen other customers that he can’t name.
Shah described the company’s Runtime Encryption platform as its “chapter two.” It keeps a container encrypted during runtime, protecting the data in use even if the infrastructure is compromised. Most customers use this technology, still in the early-access stage, either in IBM Cloud or for on-premises environments, he said.
“We’re seeing traction from two types of use cases,” Shah said. “One is machine learning and analytics. Customers want to protect their data, but still want interesting insights. Runtime Encryption ensures that is done privately.”
Blockchain is the second use case, he said. “Organizations require certain proofs; for example this application ran in a certain amount of time, and we can provide additional insurances into that.”