Hi @PUA Anthony
Thank you for posting this in Microsoft Q&A.
I understand you are looking for clarification on the concept of "key sovereignty" as it relates to Azure services, specifically in the context of Azure Key Vault Premium versus Managed HSM.
Key sovereignty is an important concept in cloud security, and it means that the customer has full control over their encryption keys and who can access them. In Azure Key Vault Premium, Microsoft personnel cannot intervene in the customer's key management decisions, and the key management service code executes the customer's decisions until the customer tells it to do otherwise.
However, it's important to note that while Azure Key Vault Premium does not have key sovereignty, it still provides strong security and compliance features. For example, it supports role-based access control (RBAC) and audit logging, which can help you meet regulatory requirements.
In terms of when Microsoft personnel might intervene, there are certain situations where they may need to access customer data or systems for support or troubleshooting purposes. However, in these cases, Microsoft personnel are subject to strict access controls and auditing requirements, and they must obtain customer consent before accessing any customer data or systems.
Regarding your use case for the banking/financial industry, it's important to evaluate your specific security and compliance requirements to determine whether Azure Key Vault Premium meets your needs. If you require key sovereignty, you may want to consider using Azure Dedicated HSM or Azure Confidential Computing, which provide additional security features. However, if you don't require key sovereignty, Azure Key Vault Premium may be a good fit for your use case.
For your reference: Infrastructure security
Hope this helps. Do let us know if you have any further queries.
Thanks,
Navya.
If this answers your query, do click Accept Answer and Yes for "Was this answer helpful". And, if you have any further query, do let us know.