Hardware Security Modules Azure

A hardware security module hsm is a physical computing device used to safeguard and manage cryptographic keys.

Hardware security modules azure.

Azure dedicated hsm hardware security module is a cloud based service that provides hsms hosted in azure datacenters that are directly connected to a customers virtual network. These modules traditionally come in the form of a plug in card or an external device that attaches directly to a computer or network server. The key material stays safely in tamper resistant tamper evident hardware modules. Azure dedicated hsm enables you to keep full administrative and cryptographic control over the hardware security modules hsms that process their encryption keys and meet compliance requirements for several industry standards and regulations such as fips 140 2 level 3 gdpr hipaa pci dss and eidas while also meeting the demanding latency and throughput requirements for their applications.

These are dedicated network hsm appliances gemalto s safenet network hsm 7 fips 140 2 level 3 available in a customers private ip address space. For situations where you require added assurance you can import or generate keys in hardware security modules hsms that never leave the hsm boundary. Learn more about dedicated hsm pricing. Manage and maintain administrative and cryptographic control of your hardware security modules in azure with azure dedicated hsm.

These cryptographic keys are used to encrypt and decrypt virtual disks attached to your vm. Keys stored in hsms can be used for cryptographic operations. Microsoft uses ncipher hardware security modules. A hardware security module hsm is a physical computing device that safeguards and manages digital keys performs encryption and decryption functions for digital signatures strong authentication and other cryptographic functions.

Azure key vault provides solutions to address the following problems. Azure dedicated hsm allows you to do key management on a hardware security module that you control in the cloud. The microsoft azure dedicated hardware security module hsm service provides cryptographic key storage in azure and meets the most stringent customer security and compliance requirements. Azure key vaults may be either software or hardware hsm protected.

Cryptographic keys are stored in azure key vault using software protection or you can import or generate your keys in hardware security modules hsms certified to fips 140 2 level 2 standards. Secrets management key management and certificate management. You can use ncipher tools to move a key from your hsm to azure key vault. This service is the ideal solution for customers requiring fips 140 2 level 3 validated devices with complete and exclusive control of the hsm appliance.

Dedicated hsm meets the most stringent security requirements. Azure key vault uses ncipher nshield family of hsms fips 140 2 level 2 validated to protect your keys. This scenario is often referred to as bring your own key or byok.