Hardware Security Modules Azure

This scenario is often referred to as bring your own key or byok.

Hardware security modules azure.

These cryptographic keys are used to encrypt and decrypt virtual disks attached to your vm. Learn more about dedicated hsm pricing. A hardware security module hsm is a physical computing device that safeguards and manages digital keys performs encryption and decryption functions for digital signatures strong authentication and other cryptographic functions. Microsoft uses ncipher hardware security modules.

Dedicated hsm meets the most stringent security requirements. Azure dedicated hsm allows you to do key management on a hardware security module that you control in the cloud. The key material stays safely in tamper resistant tamper evident hardware modules. Manage and maintain administrative and cryptographic control of your hardware security modules in azure with azure dedicated hsm.

For added assurance when you use azure key vault you can import or generate keys in hardware security modules hsms that never leave the hsm boundary. You can use ncipher tools to move a key from your hsm to azure key vault. These modules traditionally come in the form of a plug in card or an external device that attaches directly to a computer or network server. These are dedicated network hsm appliances gemalto s safenet network hsm 7 fips 140 2 level 3 available in a customers private ip address space.

Secrets management key management and certificate management. A hardware security module hsm is a physical computing device used to safeguard and manage cryptographic keys. There is no charge for encrypting virtual disks in azure. This service is the ideal solution for customers requiring fips 140 2 level 3 validated devices with complete and exclusive control of the hsm appliance.

For situations where you require added assurance you can import or generate keys in hardware security modules hsms that never leave the hsm boundary. Azure key vault uses ncipher nshield family of hsms fips 140 2 level 2 validated to protect your keys. Cryptographic keys are stored in azure key vault using software protection or you can import or generate your keys in hardware security modules hsms certified to fips 140 2 level 2 standards. The microsoft azure dedicated hardware security module hsm service provides cryptographic key storage in azure and meets the most stringent customer security and compliance requirements.

Azure key vault provides solutions to address the following problems. Keys stored in hsms can be used for cryptographic operations. Azure dedicated hsm enables you to keep full administrative and cryptographic control over the hardware security modules hsms that process their encryption keys and meet compliance requirements for several industry standards and regulations such as fips 140 2 level 3 gdpr hipaa pci dss and eidas while also meeting the demanding latency and throughput requirements for their applications.