With nShield Bring Your Own Key (BYOK), you bring your own keys to your cloud applications, whether you’re using Amazon Web Services (AWS), Google Cloud Platform (GCP) or Microsoft Azure. nShield high-assurance HSMs let you continue to benefit from the flexibility and economy of cloud services while you strengthen the security of your key management practices and gain greater control over your keys.
With Microsoft Azure and Office356 you benefit from your local security world architecture, as it can be securely expanded to the Microsoft data centers. Keys that are generated and managed locally can be used for cloud encryption.
Watch the Thales Video to see how nShield BYOK can strengthen your cloud key management with Microsoft Azure.
Download the Thales Solution Brief to learn more about how nShield BYOK gives you greater control over your keys.
Deployed around the world in Azure data centers, Thales nShield hardware security modules safeguard and manage your keys in the cloud. Thales puts you in control, enabling you to create and transfer your own key for use with Microsoft Azure Key Vault.
When using Microsoft Azure, you don’t have to give up control of the key securing your data in the cloud. Key Vault enables you to protect the keys in a Thales FISP 140-2 certified hardware security modules (HSMs) managed by Microsoft.
For added assurance, a “bring your own key” (BYOK) capability is available that enables you can create and import your own keys from your own Thales HSM you keep at your premises. This ensures that keys are generated by you, they never leave the protected HSM boundary, and they are never visible to Microsoft.
Security Properties of Azure Key Vault
Azure Key Vault offers you multiple levels of control. The Key Vault server key becomes your key in Azure and you can trade off the level of control you desire versus cost and effort