nCipher Security, an Entrust Datacard company, announces its support for new key import method (BYOK) for Azure Key Vault, allowing customers to generate and transfer encryption keys to Azure Key Vault using an on-premises or as a service nShield HSM, giving them complete control over both their keys and their data security.
While cloud service providers follow best practices to protect data, subscribers are still ultimately responsible for the security of their data in the cloud. Azure Key Vault helps safeguard cryptographic keys and secrets that cloud applications and services use.
This latest release of BYOK extends the capability to generate and transfer keys to Azure Key Vault using HSMs from multiple vendors.
“Microsoft and nCipher pioneered Bring Your Own Key (BYOK) to offer customers control over keys they use in the cloud for data encryption and other cryptographic applications.” says Amit Bapat, Product Manager for Azure Key Vault at Microsoft.
“Over 60 Microsoft cloud services support encryption of customers’ data with keys that they BYOK into Azure Key Vault. We are happy to announce a new BYOK method that offers Azure customers more flexibility and better automation for importing their keys into Key Vault. In addition, it is based on open standards which will allow customers to import keys from any HSM.”
“nCipher welcomes Microsoft’s step to give customers greater choice and is proud to support the new release of Azure BYOK with nShield HSMs,” says Cindy Provin, General Manager, nCipher Security and SVP, Entrust Datacard.
“BYOK and the use of HSMs protect both the consumer and the cloud provider, and provide the confidence to trust the cloud service with an organization’s most valuable assets. As organizations focus on moving their sensitive data and applications to the cloud, retaining control and sound key management take center stage.
“We believe that encryption keys belong to the customer, not the HSM vendor. Our unique Security World key management architecture ensures that customers are always in control of their keys and are not locked to an HSM vendor.”
nCipher nShield HSMs and nShield as a Service are among the highest-performing, most secure and easy-to-integrate HSM solutions available, facilitating regulatory compliance and delivering the highest levels of data and application security for enterprise, financial and government organizations.
The unique Security World key management architecture provides strong, granular controls over the access and usage of key policies.
Having pioneered BYOK with Microsoft since 2013, nCipher continues to support the existing BYOK, now named nCipher BYOK, and is the only HSM vendor to support both BYOK options. Leveraging its Security World key management architecture, nCipher is also the only vendor to provide key attestation capabilities that validate provenance.
Benefits of using nShield HSMs with Azure BYOK include:
- Help enable compliance with regional data sovereignty requirements
- Deliver greater control of applications and data in the cloud
- Provide FIPS 140-2 Level 3 root of trust