Encryption and Key Management for Microsoft Azure

Alliance Key Manager for Microsoft Azure

800.357.1019

Your Data in Microsoft Azure is Encrypted. How are You Managing the Keys?

Using the same FIPS 140-2 compliant key management solution found in Townsend Security’s HSM, Alliance Key Manager for Microsoft Azure is easily deployed in Microsoft Azure using management options provided by Microsoft. The solution addresses the complexity of the cloud with comprehensive encryption and key management for a defensible security plan that will protect your business, reduce the chance of data breaches, and meet compliance requirements.

A Key Management Solution for Data in the Cloud

Alliance Key Manager for Microsoft Azure is a full virtual machine (VM) that you can run on demand. Because Alliance Key Manager for Microsoft Azure is deployed as a Microsoft Azure virtual machine, you only pay for what you use. Alliance Key Manager for Microsoft Azure can protect data in any Microsoft Azure environment (IaaS and PaaS) and can protect data in any non-Azure environment such as other cloud platforms, hosting providers, and traditional IT data centers.
 

Neglecting Encryption Key Management is a Business Risk

Encryption and key management have become a key strategic IT security issue. Protecting your encryption keys mitigates the risk of data breaches and cyber-attacks, and protects an organization’s brand, reputation and credibility. Alliance Key Manager for Microsoft Azure addresses these challenges by helping enterprises reduce risk, support business continuity, and demonstrate compliance.
 

Microsoft Azure Virtual Private Cloud (VPC)

Encryption key management is a critical security function and many organizations may want to implement Alliance Key Manager in a virtual private cloud architecture to meet their security goals or to meet compliance regulations. Alliance Key Manager for Microsoft Azure can be deployed in a Microsoft Azure VPC environment without any changes.
 

Key Mirroring for High Availability (HA)

Because encryption and key management are mission-critical functions, Alliance Key Manager fully implements real-time mirroring of encryption keys and key access policies and supports active-active mirroring to another virtual instance of Alliance Key Manager or a physical HSM. While most Microsoft Azure users will mirror to a key management instance in a different availability zone, multiple mirroring targets are supported and you can choose the key management topology that makes the most sense.
 

Encryption Key Management Ready-To-Use

Alliance Key Manager for Microsoft Azure creates everything you need to protect your sensitive data on first boot! Within seconds of starting your AKM Microsoft Azure virtual machine you will automatically receive a 30-day trial license, generate a certificate authority and client-side credentials, and generate encryption keys that you can immediately use with SQL Server, SharePoint, and other applications you run in Microsoft Azure.
 

Protect Information in These Applications

Alliance Key Manager includes a number of ready-to-use encryption applications and software development kits (SDKs) which can be deployed in Microsoft Azure to protect databases and applications including:

  • Microsoft SQL Server (all Editions)
  • Microsoft Lync
  • Microsoft SharePoint 2012
  • User .NET applications
  • Microsoft Dynamics CRM, AX, GP, etc.
  • User Java, Perl, PHP applications with MySQL, etc.
  • Microsoft Exchange 


Microsoft Azure SQL Database

Developers can use the Cryptographic Service Providers (CSPs) built into the Microsoft .NET Framework to access Advanced Encryption Standard (AES) algorithms to encrypt their sensitive data. You can add encryption key management to your .NET applications to implement automatic column-level encryption.


SQL Server 2008-2016 Enterprise Edition

Enterprises can easily encrypt sensitive SQL Server data using Microsoft Extensible Key Management (EKM) with Transparent Data Encryption (TDE) or Cell Level Encryption. Alliance Key Manager integrates seamlessly with Microsoft’s EKM implementation and provides the fastest and easiest way to achieve database protection in Microsoft Azure.
 

SQL Server Standard and Web Edition

Enterprises using SQL Server Standard or Web Editions can easily encrypt sensitive data using Alliance Key Manager for Microsoft Azure’s .NET AES encryption libraries. You can add compliant encryption to your SQL Server .NET applications or implement automatic column-level encryption.
 

SharePoint TDE Encryption

Enterprises using SharePoint in Microsoft Azure to store files and documents with sensitive information can secure this information using the Alliance Key Manager SQL Server TDE encryption solution for the content database to protect files and documents stored outside of SharePoint’s SQL Server content database. Encryption keys are securely stored away from the SharePoint documents to meet compliance regulations and security best practices.
 

Microsoft Dynamics CRM, AX, GP, Encryption

Enterprises using Microsoft Dynamics applications in the Azure cloud can protect data in these applications by implementing SQL Server TDE encryption using the Alliance Key Manager EKM provider solution. End users may inadvertently store sensitive information in these applications, and Alliance Key Manager for Microsoft Azure can encrypt the entire SQL Server database to protect this information.
 

Microsoft .NET Encryption and Key Management

Enterprises using custom .NET applications written in C# can easily encrypt sensitive data using Alliance Key Manager for Microsoft Azure’s .NET AES encryption libraries. You can add compliant encryption to your .NET applications for data protection in non-Microsoft databases, or for any unstructured data you wish to protect. Alliance Key Manager for Microsoft Azure assures organizations that their data is meeting data security best practices, as well as compliance requirements for dual control and separation of duties.

Certifications and Validations

NIST AES compliance (ECB and CBC modes of encryption)

NIST SHA validation

NIST RNG validation (x9.31)

NIST HMAC validation

NIST FIPS 140-2, level 1

OASIS KMIP

Interfaces

TLS authenticated secure communications

GUI console for key management

Secure web application for server management

Key Sizes

AES 128, 192, 256 bit symmetric keys

RSA 1024, 2048, 3072, 4096 bit asymmetric keys

Supported Azure Environments

Windows Server 2008, 2008 R2, and 2012 (IaaS)

Windows Azure (PaaS)

SQL Azure (PaaS)

Solution Briefs

Alliance Key Manager for Microsoft Azure

Encryption key management for Microsoft Azure.

Datasheets

Alliance Key Manager

Alliance Key Manager works with all major business platforms, cloud platforms, and leading encryption applications.

White Papers

Critical Steps to Encryption & Key Management in Microsoft Azure Cloud

Authored by Stephen Wynkoop, SQL Server MVP and Founder/Editor at SSWUG.ORG, this white paper discusses the options and responsibilities for managing encryption in the Microsoft Azure Cloud.