In some cases an organization wants to hold its own encryption keys (HYOK), and this is where Onevinn PKI based DKE comes in.
This is a service that is hosted in your organization and your organization has full control of these keys, meaning that not even Microsoft has a way of reading your data.
What is Double Key Encryption?
Double Key Encryption (DKE) is something you could use for your organization's most sensitive data, which is subject to enhanced protection and regulatory requirements. DKE uses two keys together to access the data. One key is stored by Microsoft in Microsoft Azure and the other one is held and hosted by your organization. Protection could then be applied using sensitivity labels within Microsoft Information Protection for your most sensitive data.
For other data that needs protection it's preferred to use Microsoft Managed Key (MMK) or Bring Your Own Key (BYOK) within Microsoft Information Protection. This will allow you to take advantage of features such as:
The features above cannot be used with information protected by DKE.
DKE can be used in the following scenarios:
What is Onevinn PKI based DKE?
Handling your own encryption keys is a great responsibility, both in terms of technology and, above all, processes.
Onevinn have worked with AD RMS, Azure RMS, Azure Information Protection and Microsoft Information Protection for several years and have now developed a service for DKE, Onevinn PKI based DKE.
Onevinn's PKI based DKE solution is built on your existing Public Key Infrastructure (PKI)*.
* Public Key Infrastructure (PKI) is a combination of processes, technologies, and policies that allows you to create, manage, distribute, store and revoke digital certificates and encryption keys.
Some of the key functions for Onevinn PKI based DKE are:
Some of the benefits include: