Data loss, increasing compliance requirements such as GDPR, and recurring security breaches increase companies' pressure to encrypt sensitive data better. Not only does the encryption of data using cryptographic keys play a significant role, but so does the storage, backup, and organization of those keys. If the keys are not securely stored, protected, and retrieved, the data will be unprotected, easily accessible and there will be no segregation of control. So, your data is only as secure as your encryption keys are.
Nowadays, you can often find highly sensitive data in the content of documents stored in the Microsoft 365 cloud. Encryption of records in the Microsoft Azure cloud is often overlooked and requires more attention from a company's compliance department.
Securosys 365 Double Key Encryption (DKE) addresses this issue: Using Double Key Encryption (DKE), any Microsoft 365 document encrypted by default with Microsoft managed keys is additionally encrypted with a new key. The document can only be viewed and accessed with both keys, similar to the dual control principle. In addition, Securosys offers “Bring Your Own Key” (BYOK), which allows users to securely transfer their key to the Microsoft Azure Key Vault instead of using the Microsoft-managed encryption key.
With the help of CloudHSM, the additional key of Securosys 365 DKE is under the exclusive control of the customer and is securely stored in Securosys CloudHSM. The files remain inaccessible to Microsoft or Securosys. Securosys Azure Bring Your Own Key (BYOK) enables the secure transfer of keys to the Microsoft Azure Key Vault, which have been securely generated on your CloudHSM by Securosys.
Digital keys should be stored and managed in a tamper-proof and secure manner. CloudHSM offers the possibility to host your keys by professional employment of a cluster.
