Maintain full control of your sensitive cloud data and applications with nCipher BYOK for Azure. Watch our quick overview video to learn how it works

Microsoft Azure Key Vault safeguards the critical cryptographic keys used in the cloud to keep your data secured. Used with Microsoft Azure Information Protection (AIP), the data exchanged within your collaborative work environment is protected by embedding enforceable security policies right on the data assets, regardless of the data type.

Deployed around the world in Azure data centers, nCipher nShield hardware security modules (HSMs) safeguard and manage your keys in the cloud. To give you greater control, nCipher enables you to create, hold, and transfer your own keys for use with Azure Key Vault in the cloud or on your own premises

Cloud Based: Microsoft AIP with Bring Your Own Key (BYOK

SWhen using AIP, you don’t have to give up control of the key securing your data in the cloud. AIP uses nCipher HSMs in such a way that you can ensure that your keys are always under your control and never visible to Microsoft.

On Premises: Microsoft AIP with Hold Your Own Key (HYOK)

While most content can be served by securely stored keys in Azure, some sensitive content can never be shared or transmitted outside your own security perimeter. The security for this sensitive content needs to be on-premises only, with very limited access and sharing.

To manage your most sensitive data within your own security perimeter, AIP offers the HYOK option that is enabled by an on-premises component, with key management provided through a nCipher hardware security module (HSM).

Cloud

Control the critical keys securing your sensitive data in the cloud

As a cloud service, you can run Azure Information Protection (AIP) on-demand without IT infrastructure, and ensure that your data is protected across organizational boundaries. AIP employs cryptography to deliver controlled access and persistent protection to your data. The security of AIP depends on the level of protection given to the critical cryptographic key. The exposure of the cryptographic key can compromise your sensitive data. To ensure security, you can choose to protect your key within a robust boundary using nCipher hardware security modules (HSMs). The nCipher HSMs generate, safeguard, and manage the key independent of the software environment.

Enhanced security – nCipher high assurance for Azure Key Vault

nCipher has an unparalleled 40-year history in delivering data protection solutions to security-conscious businesses, governments, and technology vendors including critical key management solutions for some of the most demanding security organizations in the world. As experts in the field, nCipher products and services provide high assurance security so customers can make effective use of cryptographic protection. Now nCipher is facilitating how you retain control of your keys when you use Azure Key Vault.

What are HSMs?

HSMs are high-performance cryptographic devices designed to generate, safeguard and manage sensitive key material. nCipher nShield HSMs maintain your keys securely locked and usable only within the protected boundary. This enables you to maintain custody of your keys and visibility over their use.

Why use nCipher nShield HSMs with Azure Key Vault?

nCipher nShield HSMs ensure that your key is always under your control and never visible to Microsoft. The capability neutralizes the perception that sensitive data maintained in the cloud is vulnerable because the cloud can only be a shared service with a shared security infrastructure.

Security properties of Azure Key Vault

Azure Key Vault offers you multiple levels of control. The Azure Key Vault keys becomes your tenant keys, and you can trade off the level of control you desire versus cost and effort.

1. By default, Azure Key Vault generates and manages the lifecycle of your tenant keys
2. As an option, the bring your own key (BYOK) capability lets you generate your tenant keys on your premises
3. For additional security, near-real time usage logs allow you to see exactly how and when your keys are being used

How it works

nCipher nShield HSMs create a locked cage protecting your tenant keys. You can cache the tenant keys securely from your nCipher nShield HSM in your possession to a nCipher nShield HSM in Microsoft's Azure data center – without leaving the FIPS compliant security boundary created by the HSMs. The tenant keys are protected while in Microsoft's data centers – secured within a carefully designed cryptographic boundary that employs robust access control mechanisms that let you enforce separation of duties to ensure the keys are only used for their authorized purpose.

BYOK

BYOK for Azure Key Vault allows you to match the security properties of an on-premises environment. It enables you to generate your own tenant keys on your premises per your IT policies, and transfer your tenant keys securely to the cloud-based nCipher nShield HSM hosted by Microsoft.

Hosted HSM validation

To ensure that the hosted HSM is an authorized nCipher nShield HSM, the Azure Key Vault BYOK facility provides you a mechanism to validate its certificate. The capability enables you to verify that the key encryption key used to secure the upload of your tenant key was indeed generated in a nCipher nShield HSM.

Tenant key usage logs

To ensure that the cloud service is being used strictly on your terms, Azure Key Vault allows you to sign up to receive near-real time usage logs. The capability enables you to know exactly how and when your key is used by Azure Key Vault. This gives you total visibility over the managed service.

For Below Every Solution Kindly Put Connect with Us Page to fill the Form and submit the Page…..