nShield HSMs support the new Microsoft service with robust cryptography, enabling organizations to extend control and security over their most sensitive data in Microsoft 365.
Double Key Encryption (DKE) for Microsoft 365 protects a company’s highly sensitive data using two component keys – one key that is in the customer’s control and a Microsoft key stored securely in Microsoft Azure.
With this new integration, the customer’s key is generated and protected using a robust FIPS 140-2 Level 3 and Common Criteria EAL4+ certified nShield HSM and used to encrypt the organization’s sensitive data. The data is then encrypted again with a key provided by Microsoft.
“CISOs, security architects and auditors are focused on maintaining compliance and protecting sensitive data across their organizations, so establishing a strong root of trust that anchors the security of that data within Microsoft 365 is critical for continued cloud adoption.
“Without proper controls and robust cryptography, customers may be hesitant to store their most sensitive data in the cloud,” said David Low, Vice President of Professional Services at Entrust.
“Enabling customers to have full control over their cloud data with a secondary key – much like you do at your bank with a safe deposit box – is vital to establish that confidence and protecting the customer key then becomes critical.
“nShield HSMs provide that strong root of trust and ensure that the customer key is always protected and under the control of the customer.”
Whether deployed on premises or as-a-service, Entrust nShield HSMs are among the highest-performing, most secure and easy-to-integrate HSM solutions available, facilitating regulatory compliance and delivering the highest levels of data and application security for enterprise, financial, and government organizations.
The purpose-built hardware devices are designed to generate, safeguard and manage cryptographic keys on behalf of applications.
The unique nShield Security World key management architecture enforces important separation of duties with dual-controls that segregate security functions from administrative responsibilities.
The addition of certified Entrust nShield HSMs to Microsoft Double Key Encryption service accelerates cloud adoption and facilitates auditing and regulatory compliance.
“For customers operating in highly regulated industries, Double Key Encryption provides an extra layer of protection for their most mission-critical data,” said Benjy Levin, Program Manager, Microsoft Security at Microsoft Corp.
“Double Key Encryption for Microsoft 365 enhances the depth of protection for highly sensitive data to meet specialized requirements, while helping these customers to move to the cloud with greater confidence.
“The integration of Entrust nShield HSMs with Double Key Encryption delivers the additional security capabilities and trust required for continued cloud adoption.”
As a Microsoft Gold Partner, Entrust nShield HSMs have helped companies maintain strong controls over their encryption keys for Microsoft applications for more than two decades including SQL Server, Active Directory Certificate Services as well as having pioneered with Microsoft Bring Your Own Key (BYOK) to Azure Key Vault and Microsoft 365.