- Azure Integrated HSM boosts security with cryptographic key protection
- Reduces latency and scales better than network-attached HSMs
- Keys stay isolated, ensuring tamper-resistant, in-use protection
Microsoft has introduced a new hardware security module designed to boost cloud security by enabling cryptographic key protection directly within server environments.
Azure Integrated HSM addresses latency and scalability challenges often associated with traditional network-attached HSMs while adhering to FIPS 140-3 Level 3 security requirements.
The new hardware module provides locally attached cryptographic services for encryption, decryption, signing, and verification. Keys remain isolated from software, including guest and host systems, ensuring strong physical and logical tamper protection. Unlike traditional HSMs, which introduce network latency or require key release to local environments, Azure Integrated HSM securely retains keys within the module for continuous in-use protection.
Coming to all new Microsoft data center servers
“As part of our systems approach in optimizing every layer in our infrastructure, security is a key priority, and we are designing our infrastructure hardware with multiple layers of defense with dedicated innovations to ensure robust protection for Microsoft and for our customers,” noted Mark Russinovich, Microsoft’s CTO for Azure.
The module is designed to integrate seamlessly with both confidential and general-purpose virtual machines and containers, providing dedicated, secure partitions for each workload. These partitions are hardware-isolated, allowing workloads to access keys only through controlled oracle functions. This design boosts security and reduces latency with node-integrated connections and cryptographic hardware accelerators.
Azure Integrated HSM will be installed in all new servers across Microsoft data centers starting next year, bolstering protection across Azure’s hardware fleet. This deployment is part of the Secure Future Initiative, which also includes Adams Bridge quantum-resilient accelerator and Caliptra 2.0 silicon root of trust.
“By integrating advanced hardware security features such as the silicon root of trust and secure control modules, we are providing the foundation for the trust and security that Azure delivers to our customers,” Russinovich said. “We are committed to continuously enhancing our cloud hardware security capabilities to meet the evolving needs of our customers.”