With nShield Bring Your Own Key (BYOK), you bring your own keys to your cloud applications, whether you’re using Amazon Web Services (AWS), Google Cloud Platform (GCP) or Microsoft Azure. nShield high-assurance HSMs let you continue to benefit from the flexibility and economy of cloud services while you strengthen the security of your key management practices and gain greater control over your keys.
With Microsoft Azure and Office 365 you benefit from your local security world architecture, as it can be securely expanded to the Microsoft data centers. Keys that are generated and managed locally can be used for cloud encryption.
Watch our video, Bring Your Own Key with nCipher and Microsoft Azure, to see how nShield BYOK can strengthen your cloud key management practices.
Download our solution brief, nShield Bring Your Own Key, to learn more about how nShield BYOK gives you greater control over your keys.
The Cloud Guidelines – A guide to secure cloud banking, issued by the Swiss Bankers Association (SBA), outlines the circumstances under which Swiss financial institutions may transfer customer data into the cloud, provided that BYOK is used (see page 14, top, under the heading Encryption).
Deployed around the world in Azure data centers, nCipher nShield hardware security modules safeguard and manage your keys in the cloud. nCipher puts you in control, enabling you to create and transfer your own key for use with Microsoft Azure Key Vault.
When using Microsoft Azure, you don’t have to give up control of the key securing your data in the cloud. Key Vault enables you to protect the keys in nCipher FIPS 140-2 certified hardware security modules (HSMs) managed by Microsoft.
For added assurance, a “bring your own key” (BYOK) capability is available that enables you to create and import your own keys from your own nCipher HSM that you keep at your premises. This ensures that keys are generated by you, they never leave the protected HSM boundary, and they are never visible to Microsoft.
Security Properties of Azure Key Vault
Azure Key Vault offers you multiple levels of control. The Key Vault server key becomes your key in Azure, and you can trade off the level of control you desire against cost and effort.