The HSM On Demand service provides root of trust for storage of keys used in Microsoft SQL so that encryption keys do not reside with encryption data. Data can be encrypted by using encryption keys that only the database user has access to on in the HSM on Demand service and cryptographic operations such as key creation, encryption, decryption, etc. can be offloaded to the HSM.
In conjunction with the HSM on Demand services from Thales Data Protection on Demand, users can ensure secure storage of keys and cryptographic operations such as key creation, deletion, encryption, and decryption, using the Extensible Key Management (EKM) feature. Data can be encrypted by using encryption keys that only the database user has access to on the external EKM/HSM module.
- Off-load Microsoft SQL Server cryptographic operations to an HSM
- Ensure integrity of Microsoft SQL Server cryptographic operations
- Protect the private keys associated with your Microsoft SQL Server application
- Cloud/on-premises/hybrid agnostic
- Prevent fraudulent activity
- Prevent theft or compromise of private keys
- Enhance security and ensure compliance