Thales is pleased to announce the general availability of the new Bring Your Own Key (BYOK) solution for Microsoft Azure Key Vault using Luna HSMs.
Thales Luna HSM customers can create encryption keys in their own environment and then securely bring those HSM-protected keys directly into Azure Key Vault for use. This provides customers with enhanced control and security over encryption keys used by Azure Services and applications running in the cloud, while ensuring keys are kept separate from where their sensitive data resides. This solution helps customers strengthen their security and key management practices, by giving them greater control over the durability of imported key material as they maintain the original version of the keys in their on-premises Luna HSM, outside of Azure Key Vault.
Features & Benefits:
- Keys generated on-premises by Luna HSMs are securely imported for use in Azure Vault via the Luna HSM BYOK Utility — ensuring the keys never leave the secure confines of the Luna HSM or Key Vault in plain text format
- Once keys are imported customers are able to use and leverage the Azure cloud in the same manner as Azure generated keys
- Ensure protection of imported keys to Azure in an external FIPS 140-2 Level 3 tamper-proof hardware
- Ability to archive a copy of the generated keys – retaining a copy for future audit or data migration
- Enhance control over key lifetimes and usage to support your operational and compliance requirements in the cloud
- Supports multi-cloud uses cases, as customers are able to use the same key in multiple clouds
To learn more about this solution and a full list of features and benefits, please visit one of the resources listed below.
- Solution Brief: Available for download on the Thales Tech Partner page
- Thales Integration Guide: Microsoft Azure Key Vault BYOK
For additional questions about this BYOK solution please contact your local Thales Sales representative.