nShield Bring Your Own Key

nCipher nShield BYOK uses certified Hardware Security Modules (HSMs) to strengthen the security of your sensitive data in the cloud and puts you in control of your keys.

With nShield Bring Your Own Key (BYOK), you bring your own keys to your cloud applications, whether you’re using Amazon Web Services (AWS), Google Cloud Platform (GCP) or Microsoft Azure. nShield high-assurance HSMs let you continue to benefit from the flexibility and economy of cloud services while you strengthen the security of your key management practices and gain greater control over your keys.

With Microsoft Azure and Office356 you benefit from your local security world architecture, as it can be securely expanded to the Microsoft data centers. Keys that are generated and managed locally can be used for cloud encryption.

Watch our Video Bring Your Own Key with nCipher and Microsoft Azure, to see how nShield BYOK can strengthen your cloud key management practices.

Download our Solution Brief, nShield Bring Your Own Key, to learn more about how nShield BYOK gives you greater control over your keys.

Customer Data Securely Stored in the Cloud

The Cloud Guidelines – A guide to secure cloud banking issued by the Swiss Bankers Association (SBA) outlines under what circumstances Swiss financial institutions may transfer customer data into the cloud, provided that BYOK is used (see page 14, top, Heading Encryption).

Bring Your Own Key with Azure Cloud Services

Deployed around the world in Azure data centers, nCipher nShield hardware security modules safeguard and manage your keys in the cloud. nCipher puts you in control, enabling you to create and transfer your own key for use with Microsoft Azure Key Vault.


MS Azure Business App diagram


When using Microsoft Azure, you don’t have to give up control of the key securing your data in the cloud. Key Vault enables you to protect the keys in a nCipher FIPS 140-2 certified hardware security modules (HSMs) managed by Microsoft.

For added assurance, a “bring your own key” (BYOK) capability is available that enables you can create and import your own keys from your own nCipher HSM you keep at your premises. This ensures that keys are generated by you, they never leave the protected HSM boundary, and they are never visible to Microsoft.

Security Properties of Azure Key Vault

Azure Key Vault offers you multiple levels of control. The Key Vault server key becomes your key in Azure and you can trade off the level of control you desire versus cost and effort

  • By default, Azure generates and manages the lifecycle of your key
  • As an option, a unique Bring Your Own Key (BYOK) capability lets you generate your key on premises
  • For additional levels of security, near-real time usage logs allow you to see exactly how and when your key is being used.


info@ergonomics.ch | sales@ergonomics.ch 


+41 58 311 1000



Headquarters Zürich

Ergonomics AG | Nordstrasse 15 | CH-8006 Zürich | Switzerland