Thales Solution for Microsoft Azure

Microsoft Azure offers convenience and cost savings. However, you still need to follow security, privacy and compliance rules, as well as best practices, for protecting data. Further, you need rapid data mobility across all clouds you currently use and those in your future, a need which can be compromised with cloud-vendor-specific encryption solutions.

Advanced Encryption with Comprehensive Azure Key Management

Thales Trusted Cyber Technologies (TCT) advanced encryption and centralized key management solutions give you protection and control of data stored on your premises, Microsoft Azure, and other cloud providers. Thales TCT technology enables you to:

Bring Your Own Encryption

If you’re 100% Microsoft Azure-based with stringent data security controls, or if you’re running hybrid clouds with data distributed across your on-premises private cloud, multiple cloud providers, and on Microsoft Azure, you need an advanced data encryption solution. CipherTrust Transparent Encryption protects your files and databases on your premises and across multiple clouds including Microsoft Azure, without any changes to applications, databases, infrastructure or business practices.

CipherTrust Transparent Encryption:

  • Strengthens data security with controls against unauthorized access based on granular access policies, including user identity (including for administrators with root privileges), and process, among many others
  • Accelerates breach detection and satisfy compliance mandates with detailed file access logs directed to your security information and event management (SIEM) system
  • Delivers a fast return on investment with a non-intrusive, flexible implementation. Encryption agents operate on Azure compute instances or any other server accessing storage, protect Azure Disk and Azure Files, and are available for many Windows versions and Linux distributions

CipherTrust Manager

CipherTrust Manager centralizes key, policy and log management for CipherTrust Transparent Encryption, available in various hardware models for on-premises deployment, or can be instantiated in the Azure Marketplace.

Bring Your Own Key

Organizations that cannot bring their own encryption can still follow industry best practices by managing keys externally using the CipherTrust Cloud Key Manager.

The CipherTrust Cloud Key Manager leverages cloud provider Bring Your Own Key (BYOK) API’s to reduce key management complexity and operational costs by giving customers lifecycle control of encryption keys with centralized management and visibility. The solution is available on the Microsoft Azure Marketplace, or can be deployed on premises or in any private cloud deployment to meet more stringent compliance requirements.

CipherTrust Cloud Key Manager offers the following advantages:

  • Enhanced IT efficiency with multi-cloud key management from a single console that offers automated key rotation and comprehensive key life cycle management
  • Safer key management practices combined with cloud benefits of scale, cost and convenience
  • Greater control over keys—you can control key generation and storage of keys used in Microsoft Azure, Azure Government, AWS KMS, the Google Cloud Platform Customer Managed Encryption Key (CMEK) Service and more


CipherTrust Encryption key management solutions for Microsoft® SQL Server® and Oracle® Database Solution Brief
CTO Sessions On Demand: Protecting Your Data in Their Cloud
CTO Sessions Webcast: A Guide to BYOK and HYOK for AWS, Azure, Google, Oracle and More
Microsoft Azure Advanced Data Protection Solution Brief
Thales TCT Luna Hardware Security Solutions for Microsoft Certificate Services
Votiro + Office 365 Solution Brief
White Paper: Best Practices for Cloud Data Protection and Key Management
White Paper: Best Practices for Secure Cloud Migration
White Paper: The Case for Centralized Multicloud Encryption Key Management