Randtronics Logo

Azure Cloud Encryption

Managing Encryption on Azure using Randtronics DPM

Leading cloud computing platform such as AWS, Google and Microsoft Azure offer organizations the ability dynamically scale computing workloads and ensure high availability through spreading workloads across a global network of managed datacentres.  Naturally each platform seeks to outdo its competitors in offering an extensive range of services designed to enhance platform utility both to help maintain competitive differentiation plus the potential tactical benefit of increasing switching cost.

Many organizations, on the other hand, prize flexibility and value the option to spread their computing loads across multiple cloud providers.  So when it comes to essential services such as encryption, we find many organisations are interested to understand their options for preserving platform portability and avoiding encryption lock-in.   

The good news is that Randtronics DPM enterprise encryption management platform supports several good options that enable organizations to maintain encryption independence across multiple cloud vendors and bring their cloud infrastructure under the control their standardised, policy-based data protections measures.  These options include:

Bring Your Own Key (BYOK)

Amongst the range of services offered by Microsoft Azure, some of the more proprietary solutions emphasize simplicity of management and scalability through the replacement of standard operating system layers by Azure proprietary systems.

Azure includes encryption as part of the built-in services of its proprietary systems and includes support for Bring Your Own Key (BYOK), allowing customers to maintain control over their own encryption keys, root-of-trust and location/protection of master keys.

Randtronics DPM supports Azure BYOK through its DPM easyKey product allowing customers to maintain complete control over:

a) Root-of-Trust, location/storage of master keys.   DPM customers can elect a software-only key management strategy or have DPM easyKey control hardware-based master key protection through the management of one or many Hardware Storage Modules (HSM) assembled from multiple vendors.

b) Policy-based Key Lifecycle management.  Centralized policy-based control of encryption keys including key creation, automatic rotation, key suspension and key destruction 

Bring Your Own File/Folder Encryption

Other services offered by Microsoft Azure, emphasise ease of provision and manageability of standard Windows/Linux operating environments. (Virtual Machines and Container environments that provide the user a Windows or Linux operating system). Utilising such services customers maintain greater flexibility over how and where services are deployed without the need to build deep platform-specific technical skills.  Secondly the methods and practices for building high-resilience, high-availability systems based on these environments are widely understood.

Randtronics DPM fully supports encryption on Azure services that present standard Windows/Linux operating systems:

a) Transparent Data Encryption for files and folders.   Policy-based data protection includes air-gap separation of sensitive data from systems administrators and platform providers.

d) Hosting of DPM products.  Our support for Azure extends to  the hosting of own products.  We have many customers who elect to run their own instances of the DPM management modules on Azure and use standard Windows/Linux methods dial-up the availability / resilience parameters (just like any other application).

Bring Your Own Database Encryption

Randtronics DPM fully supports database encryption on Azure services that present standard Windows/Linux operating systems:

a) No-code change, multi-vendor, Transparent Data Encryption.   DPM easyCipher simplifies the challenge of managing encryption across a heterogeneous database fleet.  A single TDE product that works with all databases that run on standard Windows/Linux environments allowing organisations to simplify and standardise database encryption and easing the burden of maintaining specialist technical skills.    Randtronics TDE is implemented without the need for code-change or change to user workflows.

d) No-code change, Column-level database encryption for MS-SQL and Oracle Databases.     For the most commonly used database products,  Randtronics DPM also supports column-level data protection without the requirement for code-change

Platform independent API-level data protection

Our last option for maintaining encryption independence focuses on the customers developing new applications.   Randtronics DPM supports a full range of API-based data protection methods that makes it easy for developers to invoke field-level data protections including format preserving encryption, tokenization and data-masking with the major advantage that all data protection methods are standardized and remain under centralized control:

  • Reducing the scope for errors and oversights through standardized data protection API methods
  • Ensuring that the data protection component of new applications remain easy to maintain
  • Ensuring that data protection methods remain under the control of centrally managed policies controlling encryption keys and access control

Latest news and articles

Our Customers

Letter from the CEO

Rantronics Logo

Thank you for visiting the Randtronics website.

We make enterprise encryption easy.

Smart businesses already know that only encryption can reduce the attack surface and stop the hackers from stealing their sensitive data. A company that only uses encryption is more secure than a company with all other cyber security measures. Privacy standards such as PCI DSS, HIPAA, and GDPR are all mandating in law the protection of the citizen’s personal data. Fines for breaches are huge. You won’t get fined if your firewall is hacked. You won’t get fined if you suffer a virus or ransomware attack. You WILL get fined if you lose ANY personal data pertaining to ANY citizen. The lowest common denominator is the DATA. Data that is “Encrypted” is out of the scope of the Law.

Whilst all understand the need to protect sensitive data holistically (such as NIST Cyber Security Framework or 12 prescriptive PCI DSS guidelines) their cyber security priorities are misguided to say easy aspects and not addressing “what happens” when these fail? Encryption of data is the only direct protection measure that renders data unreadable compared to upgrading firewalls or virus and malware, IPS, log monitoring, etc. I am saying you need all methods but unless you have implemented enterprise grade encryption you are still unprotected like driving a car without “seatbelts”. “Enterprise grade encryption” as a cyber measure is the “seat belt” that saves lives in car accidents. Industry experts predict a relentless continuation of data breaches this year and penetration testing have proven perimeter defense is easily penetrable.

Randtronics has taken the challenge to make encryption easy and is innovating in many areas. We have already reduced deployment effort to days, use familiar standard components so that less skilled people can deploy and maintain systems.
I welcome discussions via email or phone as through your feedback we will be challenged to continue to innovate to the point where businesses and users do not need to be intimidated when using encryption as the worlds most powerful tool to protect their sensitive data.

Experts predict data breaches will continue at relentless pace, let Randtronics secure your business with “Enterprise grade ubiquitous encryption technology”. Time is of the essence. Why not be pro-active? I invite you to let Randtronics and its global distributors and resellers assess and assist your business directly.

Yours sincerely,
Bob K Adhar, BE, MBA, CISSP
Founder and CEO