Double Key Encryption of Office 365 - For When Trusting Microsoft Isn’t Good-Enough

Most of us have confidence in Microsoft’s ability to protect Office 365 content hosted in Azure. The consequences for Microsoft, and its customers, would be too high to tolerate anything less than industry-leading security. We often talk about the acronym CIA to characterize what’s important for public cloud security; Confidentiality, Integrity, and Availability. However, sometimes CIA isn’t enough. We have to factor in privacy. Often customer or management requirements demand that extra steps be taken to protect privacy against the possibility that Azure is compelled to provide access to sensitive content or to meet specific jurisdictional privacy regulations. This is where DuoKey’s recently announced key service, based on multiparty computation (MPC) is a game-changer.

Microsoft introduced support for Double Key Encryption (DKE) of Office 365 earlier this year. The objective was to make it easy for enterprise customers to provide an extra level of security over critical content stored in Azure by supporting the second level of encryption with a customer-controlled key. For many enterprises, the cost and complexity of procuring and operating their own key management system and hardware security modules (HSMs) to protect the customer-controlled keys were beyond their capacity. DuoKey resolves this challenge with its DuoKey Key Service, which is integrated with Office 365 and available as a cloud-based subscription service.

DuoKey has offered this service by partnering with Sepior, the foremost expert in cloud-native key management. Unlike traditional premises or cloud-based key management solutions, Sepior uses MPC to provide key management and protection using entirely cloud-based resources; without ever producing an entire key on any key server. The resulting key security is comparable and, in many ways, superior to what is achievable with conventional HSMs.

This cloud-native key service approach is fully integrated with Office 365 through DuoKey’s key service offering, making it both easy and affordable for enterprises to facilitate DKE of critical Office 365 assets. There is no requirement for enterprises to procure their own key management system, or HSMs, or hire security experts to operate and maintain the security of their HSM or KMS. They simply subscribe to and manage their key service at an application layer for a simple and effective solution to their advanced security requirements.

For more information on DuoKey’s key service offering, visit https://duokey.ch/.

For more information on Sepior’s MPC-based threshold key management, visit https://sepior.com/.