Thales background banner

Luna Key Broker for Microsoft Double Key Encryption (DKE)

Enhanced security and control over sensitive data in Microsoft Azure

It is best practice to maintain control and own the keys used to encrypt sensitive data in all applications. This is especially true for Microsoft 365, the productivity suite of choice for most enterprises as it permits online collaboration.

Today’s remote working environment relies heavily on sharing information, which challenges organisations to maintain security of confidential data and regulatory compliance, while driving employee productivity.

Organisations in highly-regulated industries such as financial services, government and healthcare can comply with regulations such as GDPR, HIPAA and Schrems II, and leverage Thales Luna HSMs with Double Key Encryption (DKE) for Microsoft 365.

Luna Key Broker for Microsoft DKE for security & control

Thales Luna HSMs and Double Key Encryption for Microsoft 365 work together to enable organisations to protect their most sensitive data while maintaining full control of their encryption keys. The solution uses two keys to protect data. One key is in the customer’s control in a FIPS 140-2 Level 3 validated Luna HSM and a second key, which is stored securely in Microsoft Azure. Both keys are required to access protected data, ensuring that Microsoft and other third parties never have access to the protected data on their own.

Luna Key Broker for Microsoft DKE for security & control

Luna Key Broker for Microsoft DKE provides a secure foundation of trust for the double key encryption process. It gives organisations sole control over who has permission to access keys to decrypt protected data and provides them with enhanced data protection capabilities, including:

  • Key Life Cycle Management: Securely generate, store and protect encryption keys in a FIPS 140-2 level 3 validated Luna HSM outside of Microsoft Azure.
  • Meeting Security and Compliance: Help meet internal policy and compliance mandates including regulations such as GDPR, HIPAA and Schrems II, by ensuring master encryption keys are held in a Luna HSM separate from where sensitive data resides.
  • Flexible deployment options: Luna Key Broker for Microsoft DKE can be deployed either in the cloud, on-premises or across hybrid environments. The solution works with Luna Network HSMs and Luna Cloud HSMs.

Thales can help organisations assess and define their DKE strategy including integration and deployment. Organisations will need a Thales Luna HSM (on-premises or Luna Cloud HSM service) and the Luna Key Broker for Microsoft DKE for this solution.

Related resources

Luna Key Broker for Microsoft Double Key Encryption (DKE) - Solution Brief

Luna Key Broker for Microsoft Double Key Encryption (DKE) - Solution Brief

Today’s remote working environment relies heavily on the collaborative sharing of information, challenging organizations to maintain the security of confidential data and regulatory compliance while driving employee productivity. For organizations in highly regulated...

Protecting Sensitive Data with Luna Key Broker for Double Key Encryption - Webinar

Protecting Sensitive Data with Luna Key Broker for Double Key Encryption - Webinar

For organizations in highly-regulated industries such as financial services, government and healthcare, they can now leverage Thales Luna HSMs and Luna Cloud HSMs with Double Key Encryption (DKE) for Microsoft 365 and comply with regulations such as HIPAA, PCI DSS, GDPR and...