1 min read

Cryptomathic Launches Full Lifecycle BYOK Solution for Microsoft Azure

Cryptomathic Launches Full Lifecycle BYOK Solution for Microsoft Azure

Providing full control over key lifecycle with automated delivery of keys for banks and other security sensitive businesses


Cryptomathic has enabled its client banks and other security-sensitive businesses to leverage Microsoft Azure’s platform while retaining lifecycle control of critical keys, following the introduction of unique HSM-agnostic functionality in its popular key lifecycle management system, CKMS.

‘Bring Your Own Key’ (BYOK) cloud solutions, which enable businesses using cloud services to generate, back up, deliver and manage their own cryptographic keys, have quickly gained traction among businesses that require a high level of control over their data security in the cloud.

Until recently Microsoft Azure’s Key Vault BYOK support has only been possible using a single vendor’s HSM (Hardware Security Module). Microsoft today announces public support for a new protocol open to HSM and other security-centric vendors.

Cryptomathic is proud to be an early supporter of this standard and the first to support it with a comprehensive banking grade key management system, CKMS.

CKMS allows Azure Key Vault BYOK keys to be automatically pushed to the cloud under a policy dictated by the business. The same key(s) can be securely delivered to on-premise applications and even to a third-party cloud vendor. CKMS supports multiple HSM brands at its core, and thus puts the choice of HSM vendor in the hand of the customer. This HSM-agnostic approach allows banks and organisations broad support of applications in the cloud and on-premise, underpinned by their preferred HSM brand. 

“Banks are under pressure to exploit the benefits of public cloud services while still retaining control of essential security; BYOK services are en route to this but have been hampered by proprietary standards,” comments Ed Wood, Director of Product Management, Cryptomathic. “Azure is strongly positioned to service banks and financial institutions on their journey to the cloud. By supporting this new service with CKMS, we are enabling banks to use our popular system for full lifecycle key management across their on-prem and preferred cloud estates. By being truly HSM vendor agnostic, it gives them the power to decouple their HSM choice from the use of their preferred cloud vendor.”

Amit Bapat, Product Manager for Azure Key Vault at Microsoft comments: “We welcome the addition of Cryptomathic’s CKMS to the family of products supporting Azure Key Vault BYOK. CKMS is the first lifecycle key management system and first HSM-agnostic solution to be validated by Microsoft for this new key import method.”