Data Security as Service with Fortanix Self-Defending KMS and VMware Cloud Director

We are pleased to offer a guest post from one of our valued partners: Fortanix. This post highlights another key partnership that is helping us deliver additional capabilities to our VMware Cloud Providers.

By Faiyaz Shahpurwala, Chief Product & Strategy Officer, Fortanix

Customers deploying applications in the cloud face major security challenges today. Cloud providers treat cloud security as a shared responsibility: the cloud provider is responsible for the security of the underlying cloud infrastructure, and the customer is responsible for the security of the data and applications they put in the cloud.

As organizations migrate to the cloud, privacy and security become major requirements. To close the security gaps along the cloud journey, a lifecycle of security services is needed to deliver end-to-end protection.

VMware and Fortanix Partnership

Thanks to the VMware and Fortanix partnership, cloud partners can easily deliver a complete and centralized data security as a service through VMware Cloud Director. Fortanix Data Security as a Service offers the following features:

  • Key management service for vSAN/vSphere encryption – Protect VM disks and prevent unauthorized data access
  • Tokenization – Tokenize PII data and maintain control and compliance when moving data to the cloud
  • Secrets Management – Secure secrets management for customers deploying containers on Kubernetes
  • Compliance – Protect private keys for vSAN and vSphere encryption using an industry-standard, FIPS 140-2 Level 3 compliant HSM
  • Single pane of glass – Centralized crypto services management across global multi-cloud/hybrid cloud environments

Deliver Full Data Security as a Service

As an extension to the VMware Cloud Provider Platform, Fortanix can uniquely help VMware cloud partners deliver data security as a service, including a full encryption service and global key management, available today in one platform that integrates with VMware Cloud Director for full multi-tenancy. In addition, the teams will soon be adding integration for secrets management, tokenization and multi-cloud security for your customers' workloads! The Fortanix Data Security as a Service is a key cloud security service for VMware customers and can bring additional revenue to VMware cloud partners.

There are three foundational services offered for VMware Cloud Director:

  1. Provider Side VM Encryption: This offering is centered around a service provider admin encrypting the VMs in their cloud environment to satisfy their own internal security compliance requirements as a service provider. Ideally, the end customer or tenant does not care and does not know anything about the fact that their service provider is encrypting their VMs.
  2. Provider Managed Tenant Side VM Encryption: This offering is focused on tenants being able to enable and disable encryption on their VMs using storage profiles. Because tenants will not be able to manage or have control over their certificates, they will need to trust and rely on their service provider to manage their encryption keys on their behalf. This use case satisfies tenants who have security compliance requirements that require encryption of their VMs but who are not interested in, or not in a position to, manage a KMS and are happy for their service provider to do it for them.
  3. Tenant Managed Dedicated vCenter VM Encryption: This offering is for tenant customers who consume their own dedicated vCenter from a service provider and manage and access it as an IaaS Virtual Datacenter through the VMware Cloud Director Tenant Portal. In this case, the tenant can supply, own, and manage their own encryption certificates and the KMS associated with their dedicated vCenter.

Learn More about Delivering Security as a Service

To summarize, the encryption functionality will be available in the recently announced VMware Cloud Director 10.2 and can be delivered as a self-service offering for tenants. Naturally, all encryption keys need to be either managed by the provider in a fully managed service or managed by the customer/tenant through self-service. Self-service is now possible with the Fortanix multi-tenanted Data Security service, which provides FIPS 140-2 Level 3 HSM security with software-like flexibility.

For more information on Fortanix Self-Defending KMS and VMware Partner Program, visit

Author Bio

Faiyaz Shahpurwala, Chief Product & Strategy Officer at Fortanix, most recently led the charter for IBM Cloud Platform as VP/GM, delivering a portfolio of enterprise cloud offerings. Prior to that he was SVP at Cisco Systems, responsible for building and running their Cloud Infrastructure and Managed Services Organization. He also spent 4 years in India leading Cisco's globalization efforts in Bangalore and was responsible for the Advanced Services and Industry Solutions business for Asia Pac and Emerging Markets. In 2001 he was part of a storage networking startup, Andiamo Systems, that was acquired by Cisco. He was the inventor of and holds a patent for NatKit, a remote monitoring tool. He has held an advisory role for many startups (View, Platform 9, Minjar).