Security Incident Response

In case of emergency, let our security experts stop the cyberattack and minimize the impact of intruders.

Onevinn CSIRT can help you recover data from encrypted files, get the rebuilding process up to speed, and provide strategic advice moving forward. Fill out the form below and we will contact you!

Double Key Encryption (DKE) for Microsoft Information Protection

This week Microsoft Ignite starts. One of the biggest news around Microsoft Information Protection is the new encryption technology. This is meant to be the new Hold Your Own Key (HYOK) option that will replace the alternative to use AD RMS. The new technology is called Double Key Encryption (DKE), simply because it uses two keys to protect your data—one key in your control, and the other one is your Azure RMS key. Viewing data protected with Double Key Encryption requires access to both keys. Compared to AD RMS (that is built on the local Active Directory) DKE are using Azure AD. In the same way as Azure RMS information can be protected to both internal as well as external users.

The content that is being encrypted with DKE is protected with your own key (where ever the content is stored). You have a lot of options for your own key, that is running on a web service that can be stored where ever you want. Access to this key is definied by you, which give you a lot of possibilities to meet different business requirements.
The concept is still that Microsoft doesn’t have access to this key and therefor none of the online services from Microsoft will work. No support of Office Online apps/Microsoft Teams or actions like co-authoring or eDiscovery/content search is available.

This technology is built into the Modern Office, also called Office ProPlus that will have support to encrypt and decrypt with DKE. In the first release this will only work on Office for Windows, but the plan is to release this to all kind of platforms (iOS, Mac, Android etc.) The goal is to support email encryption as well (with the requirement to use the modern Outlook app) but for now, DKE only supports Office Documents, Excel files and PowerPoints.

In the same way as HYOK with AD RMS this is only meant to be use for certain highly confidential information. Information that have this specific business encryption/access requirements.

image

I will not keep trying to explain this technology more in text Have a lock at this video where I explain the concept and everything you need to know about the encryption and decryption with DKE.