Thales helps secure Microsoft’s next-generation cloud service

Innovative bring your own key (BYOK) capability allows businesses to retain control of critical assets in the cloud.

  • Tuesday, 12th November 2013 Posted 11 years ago in by Phil Alsop

Thales announces that its nShield hardware security modules (HSMs) have been deployed by Microsoft to provide enhanced security for Microsoft Rights Management service (Windows Azure RMS). The new online offering – a cloud-based digital rights management system – forms the core of a new secure collaboration service accessible from anywhere, by anyone and supporting a multitude of document formats.


Until now rights management has mainly focused on infrastructure deployed within the enterprise over which an organization had complete control. By shifting to a cloud-based model customers now have the ability to dramatically expand accessibility and ease of use – particularly when collaborating with parties outside their own network and across today’s highly dispersed organizations. However, the issue of control and security is still paramount.
The goal for any security-oriented cloud services is to convey confidence that sensitive data in the cloud is protected, confidence that different tenants are strongly segregated and that control over critical security assets such as cryptographic keys remains with the customer. Recognizing this, Microsoft went beyond simply using HSMs in the Windows Azure cloud to enhance the security of the RMS service by enabling customers to ‘bring your own key’ (BYOK). By using a Thales nShield HSM on-premise an organization can generate and securely transfer their critical Tenant Key (the customer’s master key) to Thales HSMs in Windows Azure where it is used to underpin the security of their RMS service. This gives organizations complete custody and visibility over the use of their master key and the reassurance that they can use the Microsoft service on their own terms.