Double Key Encryption Integration

Double key encryption is an advanced encryption method that uses two separate keys to protect sensitive data. One encryption key is stored in the cloud by a cloud provider, such as Microsoft Azure, while the other is securely managed by the organization, typically in a hardware security module (HSM) or key vault. This ensures encrypted content remains inaccessible to unauthorized users, even if the cloud environment is compromised.

DKE provides an extra layer of protection for sensitive information, particularly for regulated industries that must comply with stringent regulatory compliance standards. By splitting the encryption keys, organizations maintain control over their most sensitive data. This ensures that no single entity has full access to encrypted data, mitigating risks from potential breaches.

DKE also supports data security by integrating seamlessly with solutions like Microsoft Azure Information Protection and sensitivity labels to safeguard protected data.

DKE encrypts data with two encryption keys. The organization manages one, while its cloud provider — such as Microsoft Azure — handles the other.

The organization stores its cryptographic key in a key management solution, such as a hardware security module or an enterprise key vault. The cloud provider manages the second key within its infrastructure. This dual-key approach ensures encrypted content cannot be decrypted without organizational consent and provides enhanced data protection for sensitive and personal information.

Common use cases for double key encryption include:

• Protecting sensitive information in the cloud: DKE ensures that encrypted content stored in cloud environments like Microsoft Azure remains secure.
• Regulatory compliance: Many industries, such as healthcare and finance, require enhanced encryption to meet compliance standards for protecting sensitive information.
• Data sovereignty: DKE is particularly useful for businesses requiring control over their encryption keys to meet jurisdictional or data residency requirements.

Entrust offers streamlined integration with Microsoft Azure Information Protection through nShield HSMs and key management solutions. This ensures organizations can:

• Use hybrid computing environments with added levels of protection, control, and assurance
• Encrypt so that even Microsoft can’t access sensitive content
• Own and control the software that generates the encryption key
• Host and store keys and sensitive data in the location of their choice

Learn more about Entrust Double Key Encryption.

Entrust’s double key encryption service offers several unique advantages:

• Industry-leading HSMs: Entrust nShield HSMs enable secure key generation, storage, and management.
• Seamless Microsoft integration: Entrust’s solution is fully compatible with Microsoft Azure and Microsoft DKE, ensuring a smooth implementation.
• Robust compliance capabilities: Entrust helps organizations regulatory standards by ensuring sensitive information and encryption keys are securely managed.

Entrust Double Key Encryption is supported by FIPS 140-2 Level 3 and Common Criteria EAL4+ certified nShield Solo XC (PCIe) and nShield Connect XC (network-attached) HSMs.