Hardware Security Module Azure

This scenario often is referred to as bring your own key byok.

Hardware security module azure.

Azure key vaults may be either software or hardware hsm protected. A hardware security module hsm is a physical computing device used to safeguard and manage cryptographic keys. Microsoft uses ncipher hardware security modules. For added assurance when you use azure key vault you can import or generate a key in a hardware security module hsm.

Manage and maintain administrative and cryptographic control of your hardware security modules in azure with azure dedicated hsm. For added assurance when you use azure key vault you can import or generate keys in hardware security modules hsms that never leave the hsm boundary. What is a general purpose hardware security module hsm. This scenario is often referred to as bring your own key or byok.

Azure key vault uses ncipher nshield family of hsms fips 140 2 level 2 validated to protect your keys. Keys stored in hsms can be used for cryptographic operations. For situations where you require added assurance you can import or generate keys in hardware security modules hsms that never leave the hsm boundary. Azure dedicated hsm enables you to keep full administrative and cryptographic control over the hardware security modules hsms that process their encryption keys and meet compliance requirements for several industry standards and regulations such as fips 140 2 level 3 gdpr hipaa pci dss and eidas while also meeting the demanding latency and throughput requirements for their applications.

Some hardware security modules hsms are certified at various fips 140. The microsoft azure dedicated hardware security module hsm service provides cryptographic key storage in azure and meets the most stringent customer security and compliance requirements. Azure dedicated hsm is a cloud based service that provides hsms hosted in azure datacenters that are directly connected to a customer s virtual network. Hardware security modules hsms provide a hardened tamper resistant environment for secure cryptographic processing key generation and protection encrypt.

Key vault uses the ncipher nshield family of hsms fips 140 2 level 2 validated to protect your keys. Learn more about dedicated hsm pricing. Azure dedicated hsm hardware security module is a cloud based service that provides hsms hosted in azure datacenters that are directly connected to a customers virtual network. Hardware security modules hsms are hardened tamper resistant hardware devices that strengthen encryption practices by generating keys encrypting and decrypting data and creating and verifying digital signatures.

This service is the ideal solution for customers requiring fips 140 2 level 3 validated devices with complete and exclusive control of the hsm appliance. These are dedicated network hsm appliances gemalto s safenet network hsm 7 fips 140 2 level 3 available in a customers private ip address space. Azure dedicated hsm allows you to do key management on a hardware security module that you control in the cloud.