<img alt="" src="https://secure.weed6tape.com/193471.png" style="display:none;">
Protect your data now — and for the post-quantum era. Securosys CloudHSM supports PQC and hybrid cryptographic algorithms.

Start your Free Trial
Products & Solutions
Products & Solutions
Explore our portfolio of cutting-edge cybersecurity solutions, centered around our flagship Hardware Security Modules (HSMs). From encryption and key management to secure access and authentication, our products ensure robust protection for your most critical data and systems.
menu icon
Hardware Security Module (HSM)
HSM Overview What is an HSM? Primus HSM CyberVault (X2 Models) Primus HSM CyberVault Core (E2 Model) Primus HSM X-Series Primus HSM E-Series Primus HSM S-Series Primus HSM Blockchain Post-Quantum Cryptography HSM
menu icon
Cloud Security
Securosys CloudHSM Cloud Console What is CloudHSM? CloudHSM Service Offerings Integrated Technologies HashiCorp Vault S365 DKE - add-in for Microsoft 365 Bring Your Own Key (BYOK) External Key Store (XKS) Proxy for AWS Fortinet Fortigate Keyfactor EJBCA/SignServer
menu icon
Additional Products and Services
Decanus Terminal Transaction Security Broker (TSB) Key Attestation Smart Key Attributes (SKA) Docker Image Security
Partners
Partners
shield-people-colourful
Partners
Partner Directory
digital-data-finance-security-transactions-2
Integrations
Integrated Technologies HashiCorp Vault Fortinet FortiGate S365 DKE - adds in for Microsoft Bring Your Own Key (BYOK) External Key Store (XKS) - Proxy for AWS Keyfactor EJBCA/SignServer
Support
Support
menu icon
Support
Online Documentation Support Portal System Status Trainings
finance-institution-colourful
What is ...?
What is an HSM? What is CloudHSM? What is BYOK? What is SIC system?
About
About
Learn more about our mission, explore career opportunities, and access our resources. Discover how we’re shaping the future of cybersecurity and how you can be part of it.
menu icon
Securosys SA
About Us Events News Career
menu icon
Resources
Online Documentation Blog Articles Stories and Paper Video Gallery
document-lock-b&w
Certifications
Security Certifications Safety & Compliance Certifications Company Certification
Contact us
  • There are no suggestions because the search field is empty.

Challenge

One of the biggest challenges for professionals and organizations in the cloud era is ensuring the confidentiality of their private documents. With increasing frequency of data breaches in the cloud, data protection methods must evolve to meet compliance and regulatory standards. Organizations seek data sovereignty to prevent unauthorized access and ensure compliance with local laws. The main difficulty lies in maintaining control over data and mitigating cloud computing risks while keeping the process straightforward for end-users.

x-4

Solution

Effortlessly secure your data within Microsoft Office applications with Securosys 365 DKE. Encryption is key to protecting cloud data, and its effectiveness depends mostly on key management. Securosys 365 DKE functions similarly to a Cloud Access Security Broker (CASB), encrypting highly sensitive data on the client side before transferring it to the cloud. This ensures robust security and regulatory compliance with two encryption keys: one controlled by you and one stored in Azure.

The reference implementation from Microsoft for DKE has been significantly enhanced by Securosys for increased functionality, robustness, and enterprise alignment. Leveraging Securosys CloudHSM technology, it provides the highest grade of customer key protection. 

For the end-user, the process is as simple as selecting a sensitivity label for documents or emails. This action initiates a dual encryption process by Microsoft and Securosys, safeguarding data even in the event of breaches.

x-4

Key Benefits

shield-tools-locket-b&w
User-Friendly Management Panel
Effortlessly configure settings, manage keys (CRUD), and oversee DKE apps with the Securosys 365 DKE Console. Easily audit cryptographic operations.
computer- lock-shield-b&w
Ready to use
Securosys 365 DKE’s high-availability architecture allows for instant deployment within minutes
blocks-system-b&w
Seamless Integration with Microsoft Azure
Enjoy auto-provisioning of the DKE Endpoint Provider by customer DKE administrators, and seamless integration with Microsoft 365 Purview.
locket-2-b&w
Key Storage on HSM
Customer-controlled DKE keys are stored on FIPS 140-2 Level 3 and Common Criteria EAL4+ validated Securosys Primus HSMs.
shield-b&w
Robust Security and Compliance
Benefit from a high-availability architecture, 2-FA for the DKE Console, and ISO27001 certified service operations for maximum security.
Key Differentiators
Securosys 365 DKE in action

Fully Managed DKEaaS

Our solution can be deployed in your environment in an hour or less, providing immediate benefits and minimal disruption.

Highest Compliance Standards

Our solution adheres to stringent security standards. Keys are stored on FIPS 140-2 level 3 and Common Criteria EAL4+ validated HSMs, and our service operations are ISO 27000 certified, ensuring the highest data protection and compliance.

Globally Accessible

Securosys 365 DKE is available 24/7 as a cloud-based service, accessible from anywhere in the world.

Use Cases

colourful-background-patterns-14 Legal Services Safeguarding attorney-client privileged communication is paramount. By using secure communication channels and document management systems, you can ensure the confidentiality of legal contracts and strategies, providing your clients with the highest level of trust and security. Learn more colourful-background-patterns-11 Public Services and Government Safeguarding sensitive citizen data and maintaining the confidentiality of government documents is critical. Implementing secure digital platforms and access control measures ensures the privacy and integrity of public records, fostering trust and compliance with regulatory standards. Learn more colourful-background-patterns-13 Healthcare and Pharmaceutical Handling clinical trial results, while maintaining the confidentiality of patient records and drug development data is essential. Stringent access controls protect sensitive healthcare information, ensuring patient privacy and regulatory compliance. Learn more colourful-background-patterns-2 Media & Entertainment Securing exclusive content and distribution agreements is a priority for content producers. Implementing measures to prevent unauthorized access and leaks ensures compliance with NDA agreements, protecting your creative assets and maintaining trust with multiple agencies. Learn more colourful-background-patterns Defense & Aerospace Handling classified military plans means that rigorous security protocols are essential. Protecting aerospace technology blueprints and classified government contracts is critical, ensuring the utmost protection of this sensitive information and maintaining national security standards. Learn more
Seamlessly integrate Securosys 365 DKE into your existing
environment, ensuring your data remains secure and sovereign.
Step 1
Preparation
Check that you have the right technical infrastructure.
Step 2
Installation (30 min)
Install Azure Information Protection on your environment and link it to your Securosys365 tenant
Step 3
Configuration (1-4 hours)
Create & publish the new sensitivity labels
Contact Sales

Book a 30min-demo

Schedule a personalized demo to explore how our solutions can benefit your business. This session will provide a high-level overview, tailored to your needs, and give you the chance to ask any questions. If you need a more in-depth technical demonstration, we can arrange a follow-up with one of our experts.

If you prefer you can also watch the video below or  talk to sales by using our contact form.

 

Resources

Get Started Technical Factsheet Microsoft MIP/DKE Support portal Azure Market Place Learn more about DuoKey

FAQ

Why should I do a proof of concept?
A Proof of Concept for Securosys365 ensures a smooth integration, minimal disruption, and alignment with your expectations, allowing you to validate the effectiveness of our security product before widespread implementation within your organization.
What are the steps to install S365?
1.Preparation: 
  • Minimum 50 users
  • Microsoft 365 E5 & Microsoft 365 Office Apps for Enterprise (version 18.2008.12711.0 or later)
  • From 1 to 10 sensitivity label names compliant with your organization's information protection policies. Examples provided in the resources
2. Installation (30 minutes)
3. Configuration (1-4 hours)
  • Log in and retrieve your Securosys365 admin credentials through our support portal
  • Create & publish sensitivity labels in your Azure tenant
  • Test
Can Securosys support me for the installation?

We can offer a 30-minute demo with one of our Senior Product Engineer to address the most common questions.

Unfortunately, we cannot provide consulting resources to work on your infrastructure and perform the installation on your behalf.

However, we would be happy to recommend consulting partners to support you with the installation.

How to kickstart a proof-of-concept for S365?
  • Liaise internaly with the relevant stakeholders. Most likely the CISO
  • Assess the complexity of the solution, the pre-requisites, the technical & human resources needed. Appoint external resources if needed
  • Install Azure Information Protection on your environment and link it to your Securosys365 tenant (30 minutes)
  • Choose and implement security labels (1-4 hours)
  • Run some tests as an end-users on Excel, Word, PowerPoint, Outlook, to cover your most important use cases
What is included in the monthly subscription?

The monthly subscription includes:

  • Infrastructure/hardware costs - Primus HSM, etc.
  • Software costs with continuous improvement
  • Online console to manage your key
  • 24/7 support & maintenance

Not included:

  • Azure & Microsoft desktop App licences
  • Any consulting/training/support for the Proof of Concept PoC & onboarding - We can recommend some partners instead
What are the technical skills needed to install S365?

To install S365, you need to understand the following concepts:

  • Azure Fundamentals
  • Azure Information Protection (AIP)
  • Azure Active Directory (AAD)

which would be most likely CISO, IT Manager/Director, System Administrator, Security Analyst, Security Engineer, Security Architect. They can be supported by Security Consultant, IT Auditor, Data Protection Officer (DPO), Compliance Officer, Risk Manager.

Why does S365 work with Microsoft E5 licences, but not E1 & E3 ones?

Securosys365 works with the Double-Key Encryption (DKE) protocol from Microsoft, which is only included in E5 licences.

If you don't have an E5 licence, Microsoft offers a 30-day free trial here

What happens if I lose access to my documents, or if my Microsoft Office 365 subscription is cancelled?

The data would remain encrypted and could not be used by anyone

 

What happens to my documents if I unsubscribe from S365?

Before your subscription ends, we recommend the following exit process:

  • Decrypt all your documents and move them to their new location
  • If you have a lot of documents, you can run a PowerShell script to decrypt any DKE-encrypted protected files.

Please contact us at least 1-month before the termination to ensure a smooth exit process.

 

Microsoft Office already encrypts the data by default. Isn't that sufficient?

While Microsoft Office does include default encryption for data, Securosys365 goes beyond by providing additional layers of security. Our solution not only enhances encryption but also empowers you to control who can encrypt/decrypt data, offering advanced threat detection and customization options tailored to your organization's specific needs. This ensures a comprehensive and customizable approach to safeguarding your sensitive data alongside the default encryption provided by Microsoft Office.

What makes S365 different from other solutions?
Once a sensitivity level is chosen, can I update if to a higher/lower one?
Yes, you can always update sensitivity labels.
Can Securosys decrypt my documents?

No, Securosys cannot access your data because:

  • Securosys doesn't have access to your Azure tenant
  • The decryption is performed on the client's device by the Office Apps
Why choosing multiple sensitivity labels ? Can't we simply have one and apply it to all the data?

Within your organization, you might have different groups of users with different roles & duties. The permissions will be different for each of them.

Thus, you will need a specific sensitivity labels to match each use cases.

What does Securosys365 protect my documents against?
Securosys365 enables you to retain control of your second key and mitigate the following risks:
  • Security vulnerabilities in complex hyperscaler environments
  • Malicious activities by hyperscalers or employees
  • Loss of intellectual property
Additionally, it ensures compliance with GDPR protection laws.
What happens if the key is lost?

If the Securosys365 key is lost, you could not decrypt your data anymore.

However, this risk is being eliminated as your key is stored in an HSM which is redundant.

If a user A leaves the company, can a user B access its documents?
Yes, the MIP admin on customer side simply needs to apply user A's permissions to user B.

Related Products

cloudhsm-alps-locket-colourful CloudHSM CloudHSM provides a seamless, secure, and cost-effective path to achieving full compliance with data security requirements and regulations. device-hsm-colourful Overview Primus HSM Gain Full sovereignty over your data with Securosys Primus HSM, ensuring the utmost security standards Amazon-Web-Services-AWS-Logo AWS External Key Store (XKS) Keep the complete control of your keys in AWS Key Management Service (KMS) image-2.6 Bring Your Own Key (BYOK) Enhancing cloud security and compliance with Securosys HSM and BYOK integration
cloudhsm-alps-locket-colourful CloudHSM CloudHSM provides a seamless, secure, and cost-effective path to achieving full compliance with data security requirements and regulations.
device-hsm-colourful Overview Primus HSM Gain Full sovereignty over your data with Securosys Primus HSM, ensuring the utmost security standards
Amazon-Web-Services-AWS-Logo AWS External Key Store (XKS) Keep the complete control of your keys in AWS Key Management Service (KMS)
image-2.6 Bring Your Own Key (BYOK) Enhancing cloud security and compliance with Securosys HSM and BYOK integration
cloudhsm-alps-locket-colourful CloudHSM CloudHSM provides a seamless, secure, and cost-effective path to achieving full compliance with data security requirements and regulations.
device-hsm-colourful Overview Primus HSM Gain Full sovereignty over your data with Securosys Primus HSM, ensuring the utmost security standards
Amazon-Web-Services-AWS-Logo AWS External Key Store (XKS) Keep the complete control of your keys in AWS Key Management Service (KMS)
image-2.6 Bring Your Own Key (BYOK) Enhancing cloud security and compliance with Securosys HSM and BYOK integration
cloudhsm-alps-locket-colourful CloudHSM CloudHSM provides a seamless, secure, and cost-effective path to achieving full compliance with data security requirements and regulations.
device-hsm-colourful Overview Primus HSM Gain Full sovereignty over your data with Securosys Primus HSM, ensuring the utmost security standards
Amazon-Web-Services-AWS-Logo AWS External Key Store (XKS) Keep the complete control of your keys in AWS Key Management Service (KMS)
image-2.6 Bring Your Own Key (BYOK) Enhancing cloud security and compliance with Securosys HSM and BYOK integration
cloudhsm-alps-locket-colourful CloudHSM CloudHSM provides a seamless, secure, and cost-effective path to achieving full compliance with data security requirements and regulations.
device-hsm-colourful Overview Primus HSM Gain Full sovereignty over your data with Securosys Primus HSM, ensuring the utmost security standards
Amazon-Web-Services-AWS-Logo AWS External Key Store (XKS) Keep the complete control of your keys in AWS Key Management Service (KMS)
image-2.6 Bring Your Own Key (BYOK) Enhancing cloud security and compliance with Securosys HSM and BYOK integration