https://store-images.s-microsoft.com/image/apps.909.5e9d7bf0-5444-4846-9900-2fc187a90365.3fee3654-03e9-4149-bf23-334532a1528f.002432f8-eade-4ab3-8bba-1b0840e3884f
Utimaco’s Enterprise Secure Key Manager (ESKM) with Azure KeyVault Integration
by Utimaco IS GmbH
Just a moment, logging you in...
The ESKM solution provides the import of customer owned keys (BYOK) into the Azure KeyVault
The traditional Microsoft BYOK approach is to generate a private/public key pair in a local/on-premise GP HSM and export/import it as a wrapped key pair into the Azure KeyVault.
The ESKM integration into the Azure KeyVault allows you to generate a private/public key pair in the ESKM, using FIPS approved algorithms, and push it to the Azure KeyVault to encrypt Azure SaaS, PaaS, and/or IaaS resources.
- The private/public key pair stays under the control of the customer - it can be managed and revoked directly from ESKM.
- In a BYOK scenario, the ESKM generates the keys and uploads them to the respective CSP.
- Only authorized users have access to unencrypted data.
The ESKM allows you to manage the entire key life cycle (generate, store, distribute/use, rotate/rekey and terminate/revoke).
Utimaco provides flexible deployment options:
- ESKM with integrated Utimaco GP HSM
- vESKM, which can be connected to external Utimaco GP HSM
General note: For redundancy reasons Utimaco recommends deploying ESKM in cluster mode!.
At a glance
https://store-images.s-microsoft.com/image/apps.54012.5e9d7bf0-5444-4846-9900-2fc187a90365.3fee3654-03e9-4149-bf23-334532a1528f.3617fecf-21cf-4ee1-85f4-f4220f8e4a3e