Microsoft strives to produce innovative products and services that meet customers' evolving needs. Entrust nShield HSMs are certified to support a wide range of Microsoft security solutions and deliver the industry’s most operationally efficient key management framework.
Entrust enables Microsoft customers to utilize cryptographic security to enhance their business as well as satisfy evolving compliance requirements. Entrust and Microsoft together facilitate the secure adoption of new technologies and delivery models including virtualization and cloud computing. Entrust is a Gold Certified Microsoft partner.
Entrust nShield HSMs safeguard the certificate issuance, management, and validation processes for organizations looking to extend the security of Microsoft Active Directory Certificate Services (AD CS) PKI. Using nShield HSMs, all key generation and certificate signing operations are executed within the tamper-resistant confines of the hardware module. Private keys are securely stored and never accessible outside the HSM. Microsoft's published guidance on Securing PKI: Protecting CA Keys and Critical Artifacts states that using an HSM is one of the strongest controls one can implement to provide strong protection of CA and other high-value keys.
Entrust nShield HSMs create tight controls around the management of the keys used to protect sensitive data at rest and in use across Azure-based, on-premises and client applications. Microsoft Azure Key Vault safeguards the critical cryptographic keys used in the cloud to keep data secured. When Key Vault is used with Microsoft Azure Information Protection (AIP), the data exchanged within collaborative work environments is protected by embedding enforceable security policies directly on the data assets, regardless of the data type.
AIP uses Entrust HSMs to ensure that keys are always under customer control. Microsoft AIP with Bring Your Own Key (BYOK) gives organizations control and visibility of the use of their keys, and neutralizes the perception that sensitive data maintained in the cloud is vulnerable.
While most content can be served by securely stored keys in Azure, some sensitive content can never leave the customer’s own security perimeter. To manage this sensitive data, AIP also offers Hold Your Own Key (HYOK). The HYOK option is enabled by an on-premises component, with key management provided through the Entrust HSMs.
Entrust key management for Microsoft SQL Server 2016, 2014, 2012 and 2008 extends and enhances security by providing protection and lifecycle management for database encryption keys. Entrust HSMs utilize Microsoft's Extensible Key Management (EKM) interface to support Transparent Data Encryption (TDE) and cell-level encryption modes for the protection and consolidation of database application keys. This provides high-assurance key archival for long-term data access, and it facilitates the periodic rotation of encryption keys required by regulations such as PCI DSS.
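The following T-SQL walks through what the EKM/TDE integration described above looks like from the database side: registering an EKM provider, creating a database encryption key that is wrapped by an asymmetric key held in the HSM, and rotating that key. It is an added example, not code from this page, Entrust or Microsoft. The provider name, DLL path, credential identity and secret, provider key names, login and database name are placeholders chosen for illustration; the statements themselves follow the standard SQL Server EKM syntax.

```sql
-- Added example: Transparent Data Encryption with an EKM (HSM-backed) key.
-- All names, paths and secrets below are placeholders, not vendor values.

-- 1. EKM providers are disabled by default; enable them at instance level.
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure 'EKM provider enabled', 1;
RECONFIGURE;
GO

-- 2. Register the HSM vendor's EKM provider library (placeholder path).
USE master;
GO
CREATE CRYPTOGRAPHIC PROVIDER HsmProvider
    FROM FILE = 'C:\PLACEHOLDER\ekm_provider.dll';
GO

-- 3. Credential used by the administrator performing these steps to
--    authenticate to the HSM. IDENTITY/SECRET semantics are provider-defined.
CREATE CREDENTIAL HsmAdminCredential
    WITH IDENTITY = 'PLACEHOLDER_IDENTITY', SECRET = 'PLACEHOLDER_SECRET'
    FOR CRYPTOGRAPHIC PROVIDER HsmProvider;
GO
ALTER LOGIN [DOMAIN\PlaceholderAdmin] ADD CREDENTIAL HsmAdminCredential;
GO

-- 4. Create the TDE master key *inside* the HSM. The private half never
--    leaves the module; SQL Server only holds a reference to it.
CREATE ASYMMETRIC KEY TdeMasterKey
    FROM PROVIDER HsmProvider
    WITH PROVIDER_KEY_NAME = 'PLACEHOLDER_TDE_KEY',
         CREATION_DISPOSITION = CREATE_NEW;
GO

-- 5. A login mapped to the HSM key, with its own credential, lets the
--    engine reach the HSM unattended (e.g. at startup) to unwrap the DEK.
CREATE CREDENTIAL HsmEngineCredential
    WITH IDENTITY = 'PLACEHOLDER_IDENTITY', SECRET = 'PLACEHOLDER_SECRET'
    FOR CRYPTOGRAPHIC PROVIDER HsmProvider;
GO
CREATE LOGIN TdeEngineLogin FROM ASYMMETRIC KEY TdeMasterKey;
ALTER LOGIN TdeEngineLogin ADD CREDENTIAL HsmEngineCredential;
GO

-- 6. Create the database encryption key (DEK), wrapped by the HSM key,
--    and turn encryption on for the target database.
USE PlaceholderDb;
GO
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER ASYMMETRIC KEY TdeMasterKey;
GO
ALTER DATABASE PlaceholderDb SET ENCRYPTION ON;
GO

-- 7. Verify: encryption_state 3 means the database is fully encrypted.
SELECT DB_NAME(database_id) AS database_name,
       encryption_state, key_algorithm, key_length
FROM sys.dm_database_encryption_keys;
GO

-- 8. Periodic rotation (the PCI DSS requirement mentioned on the page):
--    regenerate the DEK itself, and/or re-wrap it under a newly created
--    HSM key so the old master key can be retired on schedule.
ALTER DATABASE ENCRYPTION KEY REGENERATE WITH ALGORITHM = AES_256;
GO
USE master;
GO
CREATE ASYMMETRIC KEY TdeMasterKey2
    FROM PROVIDER HsmProvider
    WITH PROVIDER_KEY_NAME = 'PLACEHOLDER_TDE_KEY_2',
         CREATION_DISPOSITION = CREATE_NEW;
GO
USE PlaceholderDb;
GO
ALTER DATABASE ENCRYPTION KEY
    ENCRYPTION BY SERVER ASYMMETRIC KEY TdeMasterKey2;
GO
```

Two practical notes: the engine-side login and credential in step 5 are what make the HSM key usable at service start without an interactive administrator, so that credential's secret is itself a high-value item and should be handled like any other service credential; and re-wrapping the DEK under a new HSM key (step 8) re-encrypts only the small DEK, not the data files, which is why key rotation under EKM is cheap enough to run on a regulatory schedule.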
In addition to the resources linked on this page, several detailed integration guides are available for Entrust-Microsoft solutions; please visit the Knowledge Base for a full listing.