
Encryption Key Management for Microsoft Azure

Alliance Key Manager for Microsoft Azure

Your Data in Microsoft Azure is Encrypted. How are You Managing the Keys?

The Alliance Key Manager (AKM) for Microsoft Azure virtual machine encrypts sensitive data and securely manages encryption keys without the burden of hardware. Using the same FIPS 140-2 compliant key management solution found in Townsend Security’s HSM, AKM for Microsoft Azure is easily deployed in Microsoft Azure using management options provided by Microsoft.

Townsend Security’s Alliance Key Manager for Microsoft Azure addresses the complexity of the cloud with comprehensive encryption and key management solutions for a defensible security plan that will protect your business, reduce the chance of data breaches, meet compliance requirements and give you peace of mind now and into the future.

 

A Key Management Solution for Data in the Cloud

Alliance Key Manager for Microsoft Azure is a full virtual machine (VM) that you can run on demand. Because Alliance Key Manager for Microsoft Azure is deployed as a Microsoft Azure virtual machine, you only pay for what you use. Alliance Key Manager for Microsoft Azure can protect data in any Microsoft Azure environment (IaaS and PaaS) and can protect data in any non-Azure environment such as other cloud platforms, hosting providers, and traditional IT data centers.

Neglecting Encryption Key Management is a Business Risk

Encryption and key management have become a key strategic IT security issue. Protecting your encryption keys mitigates the risk of data breaches and cyber-attacks, and protects an organization’s brand, reputation and credibility. Alliance Key Manager for Microsoft Azure addresses these challenges by helping enterprises reduce risk, support business continuity, and demonstrate compliance.

Microsoft Azure Virtual Private Cloud (VPC)

Encryption key management is a critical security function and many organizations may want to implement Alliance Key Manager in a virtual private cloud architecture to meet their security goals or to meet compliance regulations. Alliance Key Manager for Microsoft Azure can be deployed in a Microsoft Azure VPC environment without any changes.

Key Mirroring for High Availability (HA)

Because encryption and key management are mission-critical functions, Alliance Key Manager fully implements real-time mirroring of encryption keys and key access policies and supports active-active mirroring to another virtual instance of Alliance Key Manager or a physical HSM. While most Microsoft Azure users will mirror to a key management instance in a different availability zone, multiple mirroring targets are supported and you can choose the key management topology that makes the most sense.

Encryption Key Management Ready-To-Use

Alliance Key Manager for Microsoft Azure creates everything you need to protect your sensitive data on first boot! Within seconds of starting your AKM Microsoft Azure virtual machine you will automatically receive a 30-day trial license, generate a certificate authority and client-side credentials, and generate encryption keys that you can immediately use with SQL Server, Oracle, SharePoint, and other applications you run in Microsoft Azure.

 


 

Alliance Key Manager includes a number of ready-to-use encryption applications and software development kits (SDKs) which can be deployed in Microsoft Azure to protect databases and applications including:

Protect Information in These Applications

- Microsoft SQL Server (all Editions)
- Microsoft SharePoint 2012
- Microsoft Dynamics CRM, AX, GP, etc.
- Microsoft Exchange
- Microsoft Lync
- User .NET applications
- User Java, Perl, PHP applications with MySQL, etc.

Microsoft Azure SQL Database

Developers can use the Cryptographic Service Providers (CSPs) built into the Microsoft .NET Framework to access Advanced Encryption Standard (AES) algorithms to encrypt their sensitive data. You can add encryption key management to your .NET applications to implement automatic column-level encryption.

SQL Server 2008 / 2012 Enterprise Edition

Enterprises can easily encrypt sensitive SQL Server data using Microsoft Extensible Key Management (EKM) with Transparent Data Encryption (TDE) or Cell Level Encryption. Alliance Key Manager integrates seamlessly with Microsoft’s EKM implementation and provides the fastest and easiest way to achieve database protection in Microsoft Azure.

SQL Server Standard and Web Edition

Enterprises using SQL Server Standard or Web Editions can easily encrypt sensitive data using Alliance Key Manager for Microsoft Azure’s .NET AES encryption libraries. You can add compliant encryption to your SQL Server .NET applications or implement automatic column-level encryption.

SharePoint TDE and Remote Blob Storage (RBS) Encryption

Enterprises using SharePoint in Microsoft Azure to store files and documents with sensitive information can secure this information using the Alliance Key Manager SQL Server TDE encryption solution for the content database and the Alliance Key Manager Remote Blob Storage encryption solution (available soon) to protect files and documents stored outside of SharePoint’s SQL Server content database. Encryption keys are securely stored away from the SharePoint documents to meet compliance regulations and security best practices.

Microsoft Dynamics CRM, AX, GP, Encryption

Enterprises using Microsoft Dynamics applications in the Azure cloud can protect data in these applications by implementing SQL Server TDE encryption using the Alliance Key Manager EKM provider solution. End users may inadvertently store sensitive information in these applications, and Alliance Key Manager for Microsoft Azure can encrypt the entire SQL Server database to protect this information.

Microsoft Exchange and Microsoft Lync Volume Encryption

Customers using Exchange and Lync for corporate communications can now secure these applications by deploying the applications on a fully encrypted Windows volume. Encrypted volume support is provided by TrueCrypt, and encryption key management is provided by Alliance Key Manager software to protect TrueCrypt passwords.

Microsoft .NET Encryption and Key Management

Enterprises using custom .NET applications written in C# or VB.NET can easily encrypt sensitive data using Alliance Key Manager for Microsoft Azure’s .NET AES encryption libraries. You can add compliant encryption to your .NET applications for data protection in non-Microsoft databases, or for any unstructured data you wish to protect. Alliance Key Manager for Microsoft Azure assures organizations that their data is meeting data security best practices, as well as compliance requirements for dual control and separation of duties.

Supported Environments

Alliance Key Manager for Microsoft Azure supports the following Azure environments:

- Windows Server 2008, 2008 R2, and 2012 (IaaS)
- Windows Azure (PaaS)
- SQL Azure (PaaS)

Supported Applications

Alliance Key Manager for Microsoft Azure supports the following Microsoft applications:

- SQL Server 2008, 2008 R2, 2012 Enterprise Edition and higher with EKM
- SQL Server 2008, 2008 R2, 2012 Standard and Web Editions
- SharePoint 2012 with SQL Server TDE
- Dynamics CRM, AX, GP, etc. with SQL Server TDE
- Microsoft C# applications
- Java, Perl, and PHP applications with MySQL and other databases

Certifications

CE, FCC, RoHS

Key Sizes

128-bit AES symmetric keys

192-bit AES symmetric keys

256-bit AES symmetric keys

1024-bit RSA keys

2048-bit RSA keys

Interfaces

SSL/TLS authenticated secure communications

GUI console for key management

Secure web application for server management