Fortanix’s customers are global players, such as IBM, Google, Adidas, VMware and PayPal. Fortanix has to protect its customers’ data, particularly personally identifiable information (PII). Achieving compliance with ISO 27001 and SOC 2 is an excellent way to improve the security of the infrastructure and data and to reinforce customer trust.
Fortanix had already been through SOC 2 and PCI-DSS compliance but found the process tedious and labor-intensive. Faced with the need to obtain ISO 27001 compliance, senior security engineer Joep Seuren, who was leading the company’s compliance charge from Eindhoven in the Netherlands, sought a better solution – an automated one.
The need to address ISO 27001 was particularly urgent because multiple customer contracts depended on it, and failing to obtain it would have impacted company revenue.
Fortanix’s solution provides a unified data security platform powered by confidential computing that delivers a suite of data security services, including encryption, multi-cloud key management, tokenization, TDE and multiple other capabilities. In order to maximize security, Fortanix wanted Akitra’s integration to be a customized approach to automated evidence collection, which Akitra then implemented.
Akitra also provided Fortanix with a comprehensive set of policies and controls, which Fortanix could easily adapt to its needs when necessary. “We very quickly found out when we began working with Akitra that our current set of controls did not map well to ISO, so it helped tremendously to adopt Akitra’s instead,” said Joep.
With ISO 27001 completed, Fortanix was able to move ahead with closing many customer deals that were dependent on achieving this milestone.
Joep and the Fortanix team were so pleased with the results of using Akitra for ISO 27001 that they have adopted it for renewing their SOC 2 Type 2 compliance as well.
In addition to these benefits, Fortanix is finding that they are now saving much more time in onboarding new customers. “Onboarding can be painful with prospects and customers who ask us to fill out long security questionnaires with hundreds of items – which can take several days each!”, explained Joep.
“Now that we have these compliances in hand, it’s typically five questions to answer and you’re done. This has drastically reduced the time to onboard.”