Enhanced Security for Your Azure Information Protection (AIP) Deployment

Safeguard and manage your AIP keys with high assurance hardware

While most content can be served by securely stored keys in Azure Key Vault, some sensitive content can never be shared or transmitted outside your own security perimeter. The security for this sensitive content needs to be physically on-premises only, with very limited access and sharing. To manage your most sensitive data within your own security perimeter, AIP offers a hold your own key (HYOK) option that is enabled by an on-premises physical component, with key management provided through nCipher hardware security modules (HSMs).

What are HSMs?

HSMs are high-performance cryptographic devices designed to generate, safeguard, and manage sensitive key material. nCipher nShield HSMs keep your keys securely locked and usable only within the protected boundary. This enables you to maintain custody of your keys and visibility over their use.

Why use nCipher nShield HSMs with AIP

nShield HSMs provide hardened protection for the keys used by AIP to secure your critical data. nShield HSMs generate, safeguard, and manage the keys completely independently of the software environment.

How it works

nShield HSMs create a locked cage protecting your keys. The keys are protected within a carefully designed cryptographic boundary that employs robust access control mechanisms. These mechanisms let you enforce separation of duties to ensure the keys are only used for their authorized purpose. nShield HSMs use key management, storage, and redundancy features to guarantee your keys are always accessible when needed.

HYOK

nCipher nShield HSMs provide a hardware solution to protect your critical keys. nShield HSMs safeguard and manage the keys completely independently of the software environment, enabling you to hold your own key when access to your most sensitive content needs to remain physically on-premises only.
