- Azure Integrated HSM enhances security with cryptographic key protection
- Reduces latency and scales better than network-attached HSMs
- Keys remain isolated, ensuring tamper-proof protection during use
Microsoft has introduced a new hardware security module designed to improve cloud security by enabling cryptographic key protection directly within server environments.
Azure Integrated HSM addresses latency and scalability issues often associated with traditional network-attached HSMs while meeting FIPS 140-3 Level 3 security requirements.
The new hardware module provides locally connected cryptographic services for encryption, decryption, signing and authentication. Keys remain isolated from software, including guest and host systems, providing strong physical and logical tamper protection. Unlike traditional HSMs, which introduce network latency or, in on-premises environments, require keys to be disclosed, Azure Integrated HSM keeps keys stored within the module so they remain protected while in use.
Available for all new Microsoft data center servers
“As part of our systems approach to optimizing every layer in our infrastructure, security is a top priority, and we design our infrastructure hardware with multiple layers of defense with special innovations to ensure robust protection for Microsoft and our customers,” said Mark Russinovich, Microsoft’s CTO for Azure.
The module is designed to integrate seamlessly with both confidential and general-purpose virtual machines and containers, providing dedicated, secure partitions for any workload. These partitions are hardware isolated, allowing workloads to access keys only through controlled oracle functions. This design increases security and reduces latency with node-integrated connections and cryptographic hardware accelerators.
Azure Integrated HSM will be installed on all new servers in Microsoft data centers starting next year, strengthening the protection of Azure's hardware fleet. This deployment is part of the Secure Future Initiative, which also includes the quantum-resilient accelerator Adams Bridge and the Caliptra 2.0 silicon root of trust.
“By integrating advanced hardware security features, such as the silicon root of trust and secure control modules, we are laying the foundation for the trust and security that Azure delivers to our customers,” said Russinovich. “We strive to continually improve our cloud hardware security capabilities to meet the evolving needs of our customers.”