NTT DATA and Fortanix Forge a Global Partnership: “Cryptography as a Service” for the AI Era… and the Post-Quantum Era

NTT DATA and Fortanix have announced a global partnership with a clear goal: helping organizations protect sensitive data across multicloud, hybrid, and AI environments, and prepare today for the challenges of . This agreement results in a new cryptography as a service (CaaS) offering within NTT DATA’s portfolio, built on Fortanix’s Data Security Manager platform and leveraging NTT DATA’s expertise in cybersecurity, compliance, and AI deployments.

The joint initiative aims to unify three often-disparate components: cryptography, compliance, and data protection. In addition to covering common scenarios—data at rest and in transit—the solution emphasizes an increasingly critical third layer: data in use, through confidential computing that encrypts and isolates information while being processed. This allows companies to reduce risk surface, simplify audits, and plan their transition to threat-resistant algorithms in advance, a discipline encapsulated by the alliance in the key term: crypto agility.

“The cybersecurity resilience of the future is defined today. Transitioning to a post-quantum world requires rethinking how we protect data and digital trust,” emphasizes María Pilar Torres Bruna, Head of Cybersecurity at NTT DATA Iberia, International Organizations, LATAM, and Consulting in Benelux & France. “We want to support our clients to make a secure shift towards resistant cryptographic schemes.”

What does “cryptography as a service” (CaaS) mean in 2025?

NTT DATA’s CaaS with Fortanix goes beyond offering cryptographic modules in the cloud. It is conceived as a governance and execution layer that:

• Centralizes key management and encryption policies across public clouds (AWS, Azure, Google Cloud) and on-premises.
• Orchestrates the cryptographic lifecycle (key creation, rotation, revocation) and standardizes its use for multicloud applications and data.
• Integrates tokenization and format-preserving encryption to safeguard data without disrupting existing processes or legacy schemas.
• Adds confidential computing enclaves so data remains protected in use during AI training, inferencing, or sensitive processing.
• Provides a framework for crypto agility: cataloguing algorithms, detection of vulnerabilities, and migration to post-quantum resistant standards through a technology roadmap.

The goal is twofold: to reduce friction in security — with a common console and policies — and to raise the bar for protection against current risks (leakages, fraud, compliance) and future threats (quantum computing).

The technical piece: Fortanix + NTT DATA

Fortanix Data Security Manager is the core of the technological offering. Its value proposition is in unifying data security—at rest, in transit, and in use—through confidential computing: encrypting and isolating data in enclaves during processing, whether in local environments or cloud and AI scenarios. Based on this foundation, the architecture provides centralized visibility and policy control, with reports and proof points that simplify audits and compliance.

NTT DATA adds the end-to-end service: maturity assessment in data security, roadmap design for crypto agility, platform implementation, and ongoing managed services. The methodology prioritizes starting with discovery and mapping (what algorithms, keys, and dependencies systems use), then moving on to standardization (policies, rotations, controls), and concurrently planning the transition to post-quantum schemes with pilots, proof-of-concept phases, and gradual deployment.

“Enterprises — especially in regulated sectors — face pressure to protect sensitive data in an evolving AI environment and simultaneously prepare their infrastructure for the quantum era,” explains Sheetal Mehta, Head of Cybersecurity at NTT DATA, Inc. “This alliance enables us to combine capabilities to mitigate risks in complex environments, drive innovation with AI, and advance with crypto agility against post-quantum threats.”

Why does this matter now: AI, regulation, and post-quantum

AI is reshaping how data is captured, moved, and processed: increased flows, more machine-to-machine access, temporary copies, and models that require data in use. Meanwhile, regulations are tightening: residency and sovereignty of data, minimization, privacy by design, and auditing evidence. Looking ahead, quantum computing challenges us to think in terms of resistant schemes, not tomorrow but today: crypto agility is the answer, enabling detection of weak algorithms and replacement without halting business.

“Organizations that do not prepare for the post-quantum era risk breaches, disruptions, sanctions, loss of competitiveness, and erosion of trust,” warns Cathy Huang, Senior Director of Research at IDC. The recommended strategy includes: cryptographic detection, risk assessment, migration roadmap, and adopting technologies to block attacks driven by quantum computing.

Key use cases of the new CaaS

The NTT DATA–Fortanix partnership articulates use cases that directly connect to real pain points:

1. Multicloud key management. Unified key management across AWS, Azure, Google Cloud, and on-premises, integrated with NTT DATA services.
2. Post-quantum readiness. Identify cryptographic vulnerabilities, define migration plans, and ensure continuity through the transition to resistant standards.
3. Sovereignty and public sector. Ensuring data residency with geofencing and key custody, backed by NTT DATA’s regulatory expertise.
4. Secure AI and machine learning environment. Processing sensitive data in enclaves (confidential computing), ensuring privacy throughout the AI lifecycle.
5. HSM as a service. Centralized management of keys and digital assets without maintaining own hardware.
6. Tokenization and format-preserving encryption. Protecting PII and financial data without breaking workflows or format dependencies, critical in regulated sectors.

While the solution is transversal, the alliance prioritizes industries with strict regulatory frameworks: finance, healthcare, public administration, and telecoms.

What security and data teams gain

• A common control layer for keys, policies, and encryption across all environments, reducing silos and ad hoc configurations.
• Full visibility into the cryptographic inventory (algorithms, usages, expirations) and the ability to act on rotations and replacements through orchestration.
• Confidential computing for AI and analytics use cases requiring exposure of data in use, with isolation and encryption during processing.
• Evidence and reports that simplify audits and ensure regulatory compliance (residency, privacy, sector-specific).
• Crypto agility: transitioning from “waiting” to managing the move to post-quantum standards.

“AI, cloud, regulations, and post-quantum challenges are redefining data protection,” summarizes Anand Kashyap, CEO and cofounder of Fortanix. “Our partnership with NTT DATA gives companies the ability to manage cryptographic risks proactively with confidential computing.”

What a typical engagement looks like

NTT DATA envisions an integrated lifecycle:

1. Data security maturity assessment: inventory of cryptography, risk surfaces, compliance status, and gap analysis against objectives.
2. Crypto agility roadmap: risk and impact-based prioritization, selection of resistant standards, scheduling, and dependencies.
3. Implementation of Fortanix Data Security Manager: unification of keys, policies, tokenization, enclaves, and multicloud/on-prem connectors.
4. Managed services: ongoing operations, rotations, reports, audit support, and an updated post-quantum transition plan.

How does this alliance benefit CIOs and CISOs?

• Less complexity — one platform and methodology instead of islands.
• More control — unified policies, inventory, and evidence.
• More future-proofing — crypto agility and confidential computing for AI.
• Reduced risk — sovereignty, compliance, and migration continuity.

For organizations with data spread across clouds and on-premise, and with a growing pipeline of AI use cases, this proposal fits as a transversal layer that organizes, protects, and prepares without hindering innovation.

Conclusion: unified data security… and ready for the next leap

The global NTT DATA–Fortanix partnership delivers a powerful message: data security cannot remain fragmented if a company aims to scale AI and prepare for what’s coming. Cryptography as a service, confidential computing, and crypto agility are no longer lab concepts; they are operational tools to protect rest, in transit, and in use data, ensure compliance, and facilitate a seamless transition to resilient standards with order and no downtime.

By consolidating technology, services, and methodology, the partnership offers a practical path: inventory and govern today so that tomorrow’s post-quantum transition can be managed and AI remains secure by design.

FAQs (Frequently Asked Questions)

What is “cryptography as a service (CaaS)” and how does it compare to managing keys myself?
CaaS is a managed layer that centralizes keys, policies, and encryption across multicloud and on-prem. It provides visibility, orchestration (creation, rotation, revocation), tokenization, and audit evidence, reducing silos and manual configurations that increase risk.

What is “confidential computing” and why is it important for AI?
It’s a technology that isolates and encrypts data during processing (data in use) using enclaves. In AI, it enables training or inferencing with sensitive data without exposing it in plain text, maintaining privacy and regulatory compliance throughout the entire lifecycle.

What is “post-quantum crypto agility” and where should we start?
It’s the capacity to detect weak algorithms, replace them with resistant schemes, and migrate seamlessly without disrupting operations. A good starting point is an inventory of cryptography, a risk assessment, and a migration roadmap (including pilots, validation, and gradual rollout).

Which sectors are best suited for this NTT DATA-Fortonix solution?
Although it is cross-sector, the focus is on finance, healthcare, public sector, and telecommunications, where regulatory frameworks demand residency, privacy, traceability, and evidence at all times, and where AI and multicloud use cases are widespread.

How does this alliance support data sovereignty?
By means of geofencing, key custody, and centralized controls, ensuring data and its encryption reside and are processed where regulatory requirements specify. It also provides reports and evidence for audits and oversight.

Core idea: with CaaS, confidential computing, and crypto agility, NTT DATA and Fortanix offer a unified data security approach that enables innovating with AI while preparing for the post-quantum era without losing control or speed.

via: nttdata