Enhanced Security and Control Over Sensitive Data in Microsoft Azure
It is best practice to maintain control and own the keys used to encrypt sensitive data in all applications. This is especially true for Microsoft 365, the productivity suite of choice for most enterprises as it permits online collaboration.
Today’s remote working environment relies heavily on sharing information, which challenges organizations to maintain security of confidential data and regulatory compliance, while driving employee productivity.
Organizations in highly regulated industries such as financial services, government and healthcare can comply with regulations such as GDPR, HIPAA and Schrems II by leveraging Thales Luna HSMs with Double Key Encryption (DKE) for Microsoft 365.
Luna Key Broker for Microsoft DKE for Security & Control
Thales Luna HSMs and Double Key Encryption for Microsoft 365 work together to enable organizations to protect their most sensitive data while maintaining full control of their encryption keys. The solution uses two keys to protect data. One key is in the customer’s control in a FIPS 140-2 Level 3 validated Luna HSM, and a second key is stored securely in Microsoft Azure. Both keys are required to access protected data, ensuring that Microsoft and other third parties never have access to the protected data on their own.
Luna Key Broker for Microsoft DKE provides a secure foundation of trust for the double key encryption process. It gives organizations sole control over who has permission to access keys to decrypt protected data and provides them with enhanced data protection capabilities, including:
- Key Life Cycle Management: Securely generate, store, and protect encryption keys in a FIPS 140-2 Level 3 validated Luna HSM outside of Microsoft Azure.
- Meeting Security and Compliance: Help meet internal policy and compliance mandates including regulations such as GDPR, HIPAA and Schrems II, by ensuring master encryption keys are held in a Luna HSM separate from where sensitive data resides.
- Flexible Deployment Options: Luna Key Broker for Microsoft DKE can be deployed either in the cloud, on-premises or across hybrid environments. The solution works with Luna Network HSMs and Luna Cloud HSMs.
Thales can help organizations assess and define their DKE strategy, including integration and deployment. For this solution, organizations will need a Thales Luna HSM (on-premises or Luna Cloud HSM service) and the Luna Key Broker for Microsoft DKE.