Fortanix Data Security Manager (DSM)
Overview
Fortanix Data Security Manager is a unified data security platform that combines key management, tokenisation, secrets management, and application and database encryption within a single solution. It can be delivered as SaaS, a virtual appliance, or a hardware appliance with an integrated FIPS 140-2 Level 3 HSM. The platform uses Intel SGX-based enclaves to provide HSM-grade security for keys and cryptographic operations across hybrid and multicloud environments.
Unsung is a Fortanix Bronze Partner and Value-Added Solutions Provider. We design, implement, and support DSM deployments for UK customers requiring unified data security and key management across on-premises, cloud, and hybrid environments.
The Challenge
Organisations operating across multiple cloud providers and on-premises environments face a fragmented data security landscape. Encryption keys are managed through different provider-specific services, secrets are stored in separate vaults, and tokenisation is handled by yet another platform. This fragmentation creates inconsistent policies, operational complexity, and difficulty demonstrating compliance across the estate.
Traditional approaches require separate HSMs for key protection, adding cost and integration complexity. Organisations need a unified platform that brings key management, encryption, tokenisation, and secrets management together with HSM-grade key protection — without requiring separate physical HSM infrastructure for every deployment.
What It Does
DSM addresses these challenges by providing a single platform for all data security operations. Key management capabilities cover the full lifecycle across multiple cloud providers with BYOK support, enabling organisations to maintain control of encryption keys regardless of where data resides. Tokenisation and application-layer encryption protect sensitive data fields, whilst secrets management secures API keys, credentials, and configuration data used by applications and DevOps pipelines.
The platform integrates via REST, KMIP, PKCS#11, JCE, and CAPI/CNG interfaces, enabling connection to a broad range of applications, databases, and infrastructure components. Its Intel SGX-based architecture provides HSM-grade key protection within the platform itself, eliminating the need for separate network-attached HSMs in many deployment scenarios. DSM supports transparent database encryption key management, application encryption, and secure DevOps secrets across hybrid and multicloud estates.
How Unsung Helps
Unsung helps clients assess their data security and key management requirements, evaluate whether a unified platform approach suits their environment, and implement DSM integrated with their existing infrastructure. Our Hardware Security Modules service provides guidance on HSM strategy including when integrated HSM capabilities within platforms such as DSM offer advantages over traditional network-attached HSMs.
Related Unsung Services
Hardware Security Modules — HSM strategy, deployment, and integration for key protection.
PKI Consultancy — Advisory on cryptographic infrastructure and key management strategy.
PKI Design & Build — Design and implementation of data security and cryptographic architectures.
