By Ericka Chickowski 1

The crypto specialists at Thales e-Security this week announced that they’re teaming up with Microsoft (MSFT) to help clients simplify encryption key management in the cloud. The technology partnership spawned what Thales is calling bring your own key (BYOK) technology, the foundation of its new BYOK Deployment Service Package aimed squarely at Microsoft Azure customers.

Meant to work hand-in-hand with Microsoft Azure Rights Management Services (RMS), BYOK puts more flexibility and control in the hands of customers. They’ll now be able to maintain full control over their encryption keys, with the assurance that they’ll never be visible to Microsoft. The service offers customers the ability to protect and manage their keys on premises with FIPS 140-2-certified hardware security module (HSM), even as data is sent to the cloud.

“The Azure Rights Management service helps customer safeguard their data, both inside and outside of the organization. Our collaboration with Thales on BYOK puts the customer in control of their keys,” says Dan Plastina, group manager for Microsoft. “Organizations can generate their RMS master keys on-premises, using their own Thales HSMs, and then securely transfer those keys to our Azure-hosted Thales HSMs.”

In addition, BYOK will provide the appropriate professional services to offer guidance on how to securely generate and transfer keys to the cloud.

“Customers new to hardware security module technology often find that expert assistance can make for a smooth and secure deployment and our BYOK Deployment Service can be tailored to meet a customer’s specific need,” says Richard Moulds, vice president strategy at Thales e-Security.

Click here for Talkin’ Cloud’s Top 100 CSP list

Industry studies repeatedly show security to be the number one impediment to cloud adoption. Even as companies find ways to send lower-value data to the cloud, issues around encryption and key management can hamper efforts to securely take advantage of cloud benefits for sensitive data stores. According to a recent Ponemon Security report, currently 59 percent of organizations still send data in clear text to their IaaS/PaaS cloud infrastructure.

“The goal for any security-oriented cloud service is to convey confidence that sensitive data in the cloud is protected, confidence that different tenants are strongly segregated and that control over critical security assets such as cryptographic keys remains with the customer,” Moulds says. “BYOK and the use of HSMs can protect both the consumer and the cloud provider and build the confidence to trust the service with an organization’s most valuable assets.”

Follow CJ Arlotta on Twitter @cjarlotta and Google+ for further updates on the story above — or if you just want to say hello.