→ Back to Home
Azure

Securosys EKM Proxy Enhances Azure Key Management for Data Sovereignty in Regulated Sectors

Securosys SA, a Swiss cybersecurity firm, has announced the general availability of its External Key Manager (EKM) Proxy for Microsoft Azure. This new offering extends the capabilities of Azure Key Vault Managed HSM, specifically targeting organizations in regulated sectors such as financial services, healthcare, and the public sector. The EKM Proxy allows these entities to retain full control over their cryptographic keys, ensuring that keys never leave the customer's own Hardware Security Module (HSM) environment, even when performing encryption operations within Azure. This development is crucial for practitioners grappling with evolving data sovereignty and compliance mandates. While Azure has long offered Bring Your Own Key (BYOK) functionality, which allows customers to generate keys externally and then import them into Azure Key Vault, the Securosys EKM Proxy takes this a step further. It enables cryptographic operations to be executed directly within the customer's Securosys Primus HSM or CloudHSM, effectively keeping the master keys entirely outside of Azure's trust boundary. This provides an enhanced layer of control and auditability, which is often a non-negotiable requirement for sensitive workloads. The broader context for this release lies in the increasing demand for robust cloud security and data governance, particularly in a global regulatory landscape that is becoming more stringent. Regulations like GDPR, HIPAA, and various national data residency laws place immense pressure on organizations to demonstrate absolute control over their data and the mechanisms protecting it. Cloud providers are continually enhancing their offerings to meet these demands, but third-party solutions like Securosys's EKM Proxy fill critical gaps, especially for highly specialized compliance needs. This trend towards externalized key management underscores a growing maturity in cloud adoption, where enterprises seek to leverage cloud scalability while maintaining on-premises-equivalent control over their most sensitive assets. In practice, this means that security architects and DevOps engineers working in regulated environments now have a more powerful tool to achieve compliance. Implementing the Securosys EKM Proxy requires an Azure account with Azure Key Vault Managed HSM configured for external key management, a Securosys Primus HSM or CloudHSM partition, and a host environment for the proxy container. This setup allows for a clear separation of duties and enhanced accountability, as the customer's security team retains direct oversight of the key lifecycle. For organizations that have previously hesitated to move certain workloads to Azure due to key control concerns, this solution could be a significant enabler. Practitioners should evaluate their specific regulatory requirements and existing HSM infrastructure to determine if this EKM Proxy offers the necessary level of assurance and simplifies their compliance journey, potentially unlocking new cloud adoption scenarios.
#security#key management#data sovereignty#compliance#azure
Read original source