Using Azure Cloud Based Services on Your Terms

Microsoft Azure Key Vault safeguards the critical cryptographic keys used in the cloud to keep your data secure. A growing number of Microsoft services and vendor applications now consume Azure Key Vault and can benefit from Bring Your Own Key (BYOK).

Deployed around the world in Azure data centers, nCipher nShield hardware security modules (HSMs) safeguard and manage your keys in the cloud. To give you greater control, nCipher enables you to create, hold, and transfer your own keys for use with Azure Key Vault in the cloud or on your own premises.

HSMs are high-performance cryptographic devices designed to generate, safeguard and manage sensitive key material. nCipher nShield HSMs keep your keys secure and usable only within the protected boundary. This enables you to maintain custody of your keys and visibility over their use.

nCipher nShield HSMs ensure that your keys are always under your control and never visible to Microsoft. This capability mitigates the perception that sensitive data maintained in the cloud is vulnerable.

nCipher nShield HSMs create a locked cage protecting your tenant keys. You can cache the tenant keys securely from your on-site nCipher nShield HSM to an nCipher nShield HSM in Microsoft's Azure data center without leaving the FIPS-compliant security boundary created by the HSMs. While in Microsoft's data centers, the tenant keys are secured within a carefully designed cryptographic boundary that employs robust access control mechanisms, allowing you to enforce separation of duties and ensure the keys are used only for their authorized purpose.


Cloud Based: Microsoft Azure Key Vault with Bring Your Own Key (BYOK)

When using Azure Key Vault, you don’t have to give up control of the key securing your data in the cloud. Azure Key Vault uses nCipher HSMs so you can ensure that your keys are always under your control and never visible to Microsoft.

Because Azure Key Vault is a cloud service, you can run it on demand without incremental IT infrastructure and ensure that your data is protected across organisational boundaries. Azure Key Vault employs cryptography to deliver controlled access to and persistent protection for your data. Security depends on the level of protection given to the critical cryptographic key: exposure of that key can compromise your sensitive data. To ensure security, you can choose to protect your key within a robust boundary using nCipher nShield hardware security modules (HSMs). nShield HSMs generate, safeguard, and manage the key independently of the software environment.

On Premises: Microsoft Azure Information Protection (AIP) with Hold Your Own Key (HYOK)

While most content can be served by securely stored keys in Azure, some sensitive content can never be shared or transmitted outside your security perimeter. The security for this sensitive content needs to be physically on-premises only, with very limited access and sharing.

To manage your most sensitive data within your security perimeter, AIP offers the HYOK option that is enabled by an on-premises physical component, with key management provided through an nCipher nShield hardware security module (HSM).