Reinforcing Data Security with Double Encryption Key
Enhance Data Protection with Double Key Encryption for Microsoft 365
While Microsoft 365 encrypts by default data stored in its cloud services both at rest and in transit, using some of the strongest and most secure encryption protocols, riks of unauthorised data access and compliance breaches remain.
To mitigate those risks, Microsoft provides an encryption implementation called Double Key Encryption (or DKE for short), which provides an enhanced level of data protection to secure sensitive documents and data. Unlike traditional encryption methods that rely on a single key, with Double Key Encryption (DKE) one key is held by Microsoft, while the other key is exclusively managed externally by the client, giving complete data sovereignty.
This implementation ensures that even if one key is compromised, the data remains encrypted and inaccessible.
With Double Key Encryption, organisation can confidently move their most sensitive data to the Azure cloud and maintain compliance with stringent data privacy regulations, including HIPAA, GDPR, FINMA, etc.
Encrypt
There is a risk that rogue administrators working at cloud service providers access customer data or keys with the intent to misuse the data. With DuoKey you keep dual control of your encryption keys while protecting sensitive documents stored in the cloud.
Protect
The most significant threats to the exposure of sensitive or confidential data are employee mistakes. In contrast, the least significant threats to the exposure of sensitive or confidential data include government eavesdropping and lawful data requests.
Track
Check who opened your sensitive content using our DuoKey track map. We provide real-time activity logs on all sensitive content while it is decrypted using our DKE service. If you want to block access to a domain or a specific user, you can leverage on conditional access control rules.
In detail
Double Key Encryption for Microsoft 365
Unparalleled Protection for Your Microsoft 365 Data with Double Key Encryption (DKE)
While most of Microsoft’s Double Key Encryption solutions rely on the use of Hardware Security Module (HSM) to store customer keys, DuoKey provides an additional layer of protection by encrypting all document encryption keys (DEK) with a root master key (MK) using secure Multi-Party Computation (MPC). With MPC, the MK, which is under the exclusive control of the customer, remains securely protected and never exists in plain text, as it is divided and distributed across servers.
In this setup, the cloud provider has no access to the MK, ensuring the highest level of data confidentiality and control. This allows to:
▫️ Maintain data sovereignty ▫️ Comply with regulatory requirements ▫️ Control your encryption keys ▫️ Protect your sensitive data in the Azure Cloud
DuoKey DKE module seamlessly integrates with leading HSM vendors like Securosys, Atos HSM, Thales, and more.
Always client-side encryption is performed
No third-party can ever access your data
Dedicated tenant and vault for storing your keys
Monitor who uses your keys
Feedback
We are trusted by our partners
We appreciate DuoKey's cutting-edge approach to cloud security. Their double key encryption and advanced key management solutions not only enhance data protection but also ensure compliance. Utilizing advanced Multi Party Computation (MPC) protocols developed over decades by our team of acclaimed researchers, DuoKey delivers a superior level of cryptographic security, making it a reliable choice for safeguarding cloud applications and sensitive data.
Ahmet Tuncay - Former CEO, Sepior ApS
Blockdaemon Inc
DuoKey has revolutionized data security in our healthcare organization. Their encryption solutions provide robust protection for our sensitive health data, ensuring compliance and peace of mind.
CISO at Large Health NGO
Large Health NGO
Take control of your encryption keys and protect sensitive data today!
Products
Other products in our arsenal