At Ignite 2024, Microsoft unveiled two new chips. In addition to the Azure Boost DPU, a data processing chip running through the network, there is also a security chip called Azure Integrated HSM (HSM stands for Hardware Security Module).
The role of Azure Integrated HSM is to store various encryption keys used to secure data. This chip protects keys while in use, not just when stored. Keys are not exported outside the HSM, and the hardware accelerates decryption-encryption processes.
Microsoft stated that cloud key storage services have been around for a while. While key protection is strong, scalability is challenging. There are latency limitations when accessing data across the network or when keys need to be used outside the HSM, compromising security strength.
Azure Integrated HSM addresses these issues by attaching the HSM service to the VM that requires keys (eliminating latency) while keeping the keys at a hardware level to maintain security and restrict access by other software.
Microsoft mentioned that all new servers on Azure in their own data centers will have Azure Integrated HSM installed starting next year.
TLDR: Microsoft unveiled two new chips at Ignite 2024, including Azure Integrated HSM for secure key storage with hardware-level protection. Servers on Azure will have this feature installed starting next year.
Leave a Comment