February 24, 2015

Azure Key Vault - Amazing!

Slalom’s Security Solutions provides organizations with a variety of standardized methodologies and technical solutions to aid businesses of all shapes and sizes in securing their information. These solutions would be recognized as the standard security offerings many organizations provide, such as IOC/SOC, penetration testing, compliance pre-audit, identity and access management and more. What sets Slalom Security Solutions apart from others is our approach to these traditional offerings. You’ve heard the old adage that there are only two kinds of companies on earth: those that have been hacked and those that don’t know it yet. This begets the fundamental truism that is the Modern Datacenter: “The bad guys are already in your network. Expending resources to prevent all bad guys from being in your network is a waste of those resources. It is better for organizations to expend resources securing the data where it sits, wherever that may be.”

Several of our solutions focus on the need to encrypt, well, everything. This, of course, includes anything that touches the public cloud, be that a virtual machine, database, set of files or services, application keys, etc. Microsoft stands apart from all other cloud vendors as being very forceful in its insistence that whatever data you put into their services remain YOUR data. There are numerous instances of MSFT going to bat legally, politically and technically to safeguard your data. They do not disguise this reality: this is your data – encrypt it with our service. We neither want the private key, nor need the private key. If compelled to release your data, or a data leak occurs, only your organization will be able to decrypt it. In order to provide for that level of trust, Microsoft has introduced the public preview of a service that already runs under the covers within Office 365 and has been available as a standalone third-party solution for some time: Windows Azure Key Vault service.

As related in Microsoft’s announcement of January 8, 2015, Azure Key Vault is “a cloud-hosted HSM-backed service for managing cryptographic keys and other secrets used in your cloud applications. You will be able to use it for all your important workloads both on premises and cloud hosted.” Slalom leverages this service for organizations looking to increase their security footprint in the cloud by protecting virtual machines, SQL databases, application settings and more using FIPS 140-2 Level 2 standard HSM modules. Again, this is the same technology that lives just below the surface of Azure Rights Management services and various components of Office 365. For more information on the service itself, please see the above link. Azure Key Vault provides a foundational mechanism for organizations to enable cloud and mobile access to information and resources while easily keeping the private key to that encrypted data secure from both prying eyes and the vendor hosting the content. Because it underpins many modern datacenter technologies, it can be considered a unifying and enabling technology: something that allows organizations to reduce their spend on competing, niche solutions and move towards a holistic, enterprise-grade key management storage solution.