A Thing
The Green SheetGreen Sheet

News from the Wire

Cryptomathic First to Launch Full Lifecycle & HSM-Agnostic ‘Bring Your Own Key’ Solution for Microsoft Azure Key Vault

Tuesday, June 02, 2020 — 11:01:01 (EDT)

02 June 2020 – Cryptography solutions pioneer, Cryptomathic, has today enabled its client banks and other security-sensitive businesses to leverage Microsoft Azure’s platform while retaining lifecycle control of critical keys, following the introduction of unique HSM-agnostic functionality in its popular key lifecycle management system, CKMS.

‘Bring Your Own Key’ (BYOK) cloud solutions, which enable businesses using cloud services to generate, back up, deliver and manage their own cryptographic keys, have quickly gained traction among businesses that require a high level of control over their data security in the cloud.

Until recently Microsoft Azure’s Key Vault BYOK support has only been possible using a single vendor’s HSM (Hardware Security Module). Microsoft today announces public support for a new protocol open to HSM and other security-centric vendors.

Cryptomathic is proud to be an early supporter of this standard and the first to support it with a comprehensive banking grade key management system, CKMS.

CKMS allows Azure Key Vault BYOK keys to be automatically pushed to the cloud under a policy dictated by the business. The same key(s) can be securely delivered to on-premise applications and even to a third-party cloud vendor. CKMS supports multiple HSM brands at its core, and thus puts the choice of HSM vendor in the hand of the customer. This HSM-agnostic approach allows banks and organisations broad support of applications in the cloud and on-premise, underpinned by their preferred HSM brand.

“Banks are under pressure to exploit the benefits of public cloud services while still retaining control of essential security; BYOK services are en route to this but have been hampered by proprietary standards,” comments Ed Wood, Director of Product Management, Cryptomathic. “Azure is strongly positioned to service banks and financial institutions on their journey to the cloud. By supporting this new service with CKMS, we are enabling banks to use our popular system for full lifecycle key management across their on-prem and preferred cloud estates. By being truly HSM vendor agnostic, it gives them the power to decouple their HSM choice from the use of their preferred cloud vendor.”

Amit Bapat, Product Manager for Azure Key Vault at Microsoft comments: “We welcome the addition of Cryptomathic’s CKMS to the family of products supporting Azure Key Vault BYOK. CKMS is the first lifecycle key management system and first HSM-agnostic solution to be validated by Microsoft for this new key import method.”

For media enquiries please contact Alistair Cochrane at iseepr alistair.c@iseepr.co.uk

Useful links

For more information on CKMS and Azure Key Vault BYOK visit: www.cryptomathic.com/azurebyok

For more information on CKMS visit: www.cryptomathic.com/products/key-management/crypto-key-management-system

About Cryptomathic

Cryptomathic is a global provider of secure server solutions to businesses across a wide range of industry sectors, including banking, government, technology manufacturing, cloud and mobile. With over 30 years' experience, we provide systems for Authentication & Signing, EMV, Key Management and PKI & ID, through best-of-breed security solutions and services.

We pride ourselves on strong technical expertise and unique market knowledge, with 2/3 of employees working in R&D, including an international team of security experts and a number of world-renowned cryptographers. At the leading edge of security provision within its key markets, Cryptomathic closely supports its global customer base with many multinationals as longstanding clients.


The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information: bankcardlife.com?orid=33533&opid=1 .

Source: Company press release. end of article

A Thing