Cryptographic authentication and encryption are powerful tools for ensuring confidentiality, privacy, and data sovereignty. However, the effectiveness of these methods depends on the security and robustness of the cryptographic technologies and the reliability of the operational processes that support them.
In the current digital landscape, encryption is essential for protecting data, especially as more organizations adopt cloud services. Encryption converts data into a more secure format that unauthorized parties can't access without an encryption key. This approach helps ensure that sensitive data is only accessible to users with the correct permissions and keys. For government, healthcare, and finance sectors, where stringent regulatory requirements exist, encryption serves as a crucial layer of security to prevent unauthorized access to sensitive information.
Microsoft Azure uses encryption keys to help protect data and secure communications. These digital keys are essential in implementing encryption, signing, and validation processes to ensure the confidentiality, integrity, and authenticity of data that the organization stores and manages.
Encryption keys are the root of trust for securing modern computer systems, whether on-premises or in the cloud. Therefore, controlling who has authority over those keys is critical for building more secure and compliant applications.
Azure's view of how key management should be done in the cloud is key sovereignty. Key sovereignty means that a customer's organization has full and exclusive control over who can access keys and change key management policies, including control over which Azure services consume these keys. After the customer makes these decisions, Microsoft personnel are prevented through technical means from changing these decisions. The key management service code implements the customer's decisions until the customer tells it to do otherwise, and Microsoft personnel can't intervene.
Ideally, every service in the cloud should be fully managed. The service must provide the required availability, resiliency, security, and fundamental cloud promises, backed by service-level agreements (SLAs). To deliver a managed service, Microsoft needs to patch key management servers, upgrade hardware security module (HSM) firmware, heal failing hardware, perform failovers, and do other high-privilege operations. As most security professionals know, when someone has high privilege or has physical access to a system, it's difficult to deny them access to the data within that system.
Azure fortifies your data through state-of-the-art encryption technologies and puts up barriers against unauthorized access to the data, including two or more independent encryption layers to help protect against compromises of any single layer. In addition, Azure provides clearly defined, well-established responses, policies and processes, strong contractual commitments, and strict physical, operational, and infrastructure security controls to provide customers with ultimate control of their data in the cloud.
Microsoft Cloud for Sovereignty uses Azure to empower government and regulated industry customers. As a result, they can control and better secure their data according to local laws and compliance standards, with encryption as a cornerstone of this approach. It gives organizations more data protection and compliance across regions and industries, in line with various international security standards.
With data protection and regulatory compliance requirements varying significantly across countries/regions and industries, Microsoft Cloud for Sovereignty helps organizations build more secure, compliant, and resilient solutions in different cloud-based environments.
By empowering organizations with flexible, robust encryption options and a trusted compliance framework, Microsoft Cloud for Sovereignty helps them build resilient, sovereign cloud solutions that align with unique data protection and regulatory needs.