惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
WordPress大学
WordPress大学
宝玉的分享
宝玉的分享
人人都是产品经理
人人都是产品经理
博客园 - 聂微东
IT之家
IT之家
V
V2EX
Jina AI
Jina AI
V
Visual Studio Blog
有赞技术团队
有赞技术团队
博客园 - 司徒正美
博客园 - 叶小钗
The Cloudflare Blog
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
小众软件
小众软件
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
博客园 - 三生石上(FineUI控件)
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
Google DeepMind News
Google DeepMind News
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
腾讯CDC
Google Online Security Blog
Google Online Security Blog
博客园 - 【当耐特】
Apple Machine Learning Research
Apple Machine Learning Research
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
N
News and Events Feed by Topic
N
News and Events Feed by Topic
The Last Watchdog
The Last Watchdog
W
WeLiveSecurity
月光博客
月光博客
Security Archives - TechRepublic
Security Archives - TechRepublic
Webroot Blog
Webroot Blog
SecWiki News
SecWiki News
博客园_首页
罗磊的独立博客
量子位
Latest news
Latest news
I
Intezer
V
Vulnerabilities – Threatpost
A
Arctic Wolf
Last Week in AI
Last Week in AI
Recent Commits to openclaw:main
Recent Commits to openclaw:main
S
SegmentFault 最新的问题
S
Security Affairs
阮一峰的网络日志
阮一峰的网络日志
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
酷 壳 – CoolShell
酷 壳 – CoolShell
P
Palo Alto Networks Blog
C
CXSECURITY Database RSS Feed - CXSecurity.com
N
News | PayPal Newsroom

Microsoft Azure Blog

Azure Databricks delivers proven business value | Microsoft Azure Blog Frontier models and production agents: Advancing Microsoft Foundry for the agentic era | Microsoft Azure Blog Built to bounce back: How Azure resiliency evolved | Microsoft Azure Blog External key management for Azure Managed HSM Meet Brain: The AI system behind Azure reliability | Microsoft Azure Blog Proving application resilience on Azure with Chaos Studio | Microsoft Azure Blog How to design, build, and optimize cloud infrastructure for long-term efficiency Claude in Microsoft Foundry is now generally available | Microsoft Azure Blog The 2026 Agent Confidence Index: Where 300 builders see real momentum | The Microsoft Cloud Blog Accelerate modern Linux workloads with Azure Files | Microsoft Azure Blog Optimizing PostgreSQL on Azure directly in Visual Studio Code From insight to action: The next phase of agentic cloud operations | Microsoft Azure Blog Modernize your data with Azure Storage: Plan and migrate with confidence | Microsoft Azure Blog 3 things leaders need to know from Microsoft Build 2026 | Microsoft Azure Blog Claude Fable 5 available today in Microsoft Foundry: Powering the next era of autonomous agents AI alone won’t change your business. The system running it will. Announcing Microsoft Discovery general availability and Microsoft Discovery app preview A Developer’s Guide to Managing Models, Cost and Quality in Microsoft Foundry Foundry IQ: Build smarter agents faster with unified knowledge and serverless retrieval Microsoft Build 2026: Building agentic apps with Microsoft Fabric and Microsoft Databases New Azure Cobalt 200 VMs deliver 50% performance improvement, fully optimized for modern agentic AI workloads Claude Opus 4.8 is now available in Microsoft Foundry Powering multi-cluster workloads with seamless cross‑cluster networking for Azure Kubernetes Fleet Manager Azure NetApp Files for EDA workloads: From revolution to breakthrough at scale Azure IaaS: Deploy high-performance workloads with a system-level approach Azure Files Entra-Only identities: Advancing cloud-native identity and security From commit to cloud: Powering what’s next for PostgreSQL Advancing enterprise AI: New SAP on Azure announcements from SAP Sapphire 2026 Red Hat Summit 2026: Platform modernization and AI on Microsoft Azure Red Hat OpenShift Build AI apps with Azure Cosmos DB: Key trends from Cosmos Conf 2026 Scaling cloud and AI: Microsoft Azure’s commitment to Europe’s digital future Azure IaaS: Defense in depth built on secure-by-design principles Microsoft named a Leader in the IDC MarketScape: Worldwide API Management 2026 Vendor Assessment OpenAI’s GPT-5.5 in Microsoft Foundry: Frontier intelligence on an enterprise ready platform Microsoft Discovery: Advancing agentic R&D at scale Introducing Azure Accelerate for Databases: Modernize your data for AI with experts and investments Cloud Cost Optimization: Principles that still matter Optimize object storage costs automatically with smart tier—now generally available Microsoft named a Leader in The Forrester Wave™ for Sovereign Cloud Platforms How Drasi used GitHub Copilot to find documentation bugs Cloud Cost Optimization: How to maximize ROI from AI, manage costs, and unlock real business value Azure IaaS: Keep critical applications running with built-in resiliency at scale Building sovereign AI at the edge: Microsoft and Armada collaborate to deliver Azure Local on Galleon modular datacenters Navigating digital sovereignty at the frontier of transformation Microsoft named a Leader in 2026 Gartner® Magic Quadrant™ for Integration Platform as a Service AI for nuclear energy: Powering an intelligent, resilient future | The Microsoft Cloud Blog What’s new with Microsoft in open-source and Kubernetes at KubeCon + CloudNativeCon Europe 2026 Advancing agentic AI with Microsoft databases across a unified data estate FabCon and SQLCon 2026: Unifying databases and Fabric on a single data platform Microsoft at NVIDIA GTC: New solutions for Microsoft Foundry, Azure AI infrastructure and Physical AI From legacy to leadership: How PostgreSQL on Azure powers enterprise agility and innovation
Enforcing trust and transparency: Open-sourcing the Azure Integrated HSM
Mark Russino · 2026-05-01 · via Microsoft Azure Blog

As cloud workloads become more agentic and AI systems handle increasingly sensitive data, trust must be engineered directly into infrastructure. Azure Integrated HSM brings hardware‑enforced key protection into Azure, extending cryptographic trust from silicon to services through verifiable and transparent design.

As cloud workloads become more agentic and AI systems increasingly handle mission‑critical data, trust must be engineered into the infrastructure at every layer. At Microsoft, security is designed into the foundation of our cloud infrastructure, from silicon to services. With the Azure Integrated Hardware Security Module (HSM), Microsoft is redefining how cryptographic trust is delivered in the cloud.

Azure Integrated HSM is a tamper‑resistant, Microsoft‑built hardware security module integrated into every new Azure server, extending existing key management services by bringing hardware enforced protection directly to where workloads execute. Rather than relying solely on centralized services, this approach makes hardware-backed security a native property of the compute platform itself.

Azure Integrated HSM is engineered to meet FIPS 140‑3 Level 3, the gold standard for hardware security modules used by governments and regulated industries worldwide. Level 3 requires strong tamper resistance, hardware-enforced isolation, and protection against physical and logical key extraction. By building these assurances directly into the platform, Azure makes the highest levels of compliance a default property of the cloud, rather than a specialized configuration or premium add‑on.

Reinforcing transparency through trust with open-sourced designs

Our approach to hardware security is grounded in a simple belief: transparency builds trust, and industry collaboration strengthens security. Openness strengthens trust by allowing customers, partners, and regulators to validate design choices and security boundaries.

This week, at the Open Compute Project (OCP) EMEA Summit, we announced plans to open the Azure Integrated HSM to the broader open hardware ecosystem. Through OCP, we plan to release the Azure Integrated HSM firmware, driver, and software stack as open source, and launch an OCP workgroup to guide ongoing development—spanning architectural design, protocol specifications, firmware, and hardware. The Azure Integrated HSM firmware is now available through the Azure Integrated HSM GitHub repository, alongside independent validation artifacts such as the OCP SAFE audit report.

This openness is particularly important for regulated industries and sovereign cloud scenarios, where independent validation of security controls is required. By making key components available for external review, Azure Integrated HSM enables customers, partners, and regulators to assess implementation details directly rather than relying solely on vendor assertions.

This approach strengthens confidence in the platform and helps establish a more transparent and verifiable foundation for cloud security, while reducing reliance on proprietary vendor specific protocols. At a time when cryptographic trust underpins everything from AI inference to national digital infrastructure, open sourcing the HSM is a practical step toward interoperability, auditability, and customer confidence.

A tiered approach to key management

This design complements services like Azure Key Vault and Azure Managed HSM, which continue to provide centralized key lifecycle management, governance, and policy enforcement. Azure Integrated HSM adds a new layer; one that brings cryptographic protection down to the individual server, so that keys are protected not just when they are stored but while they are actively being used by workloads. The Azure Integrated HSM also supports industry standards such as TDISP, enabling secure binding between the HSM and confidential computing environments.

In the coming weeks, Azure Integrated HSM will be available in Azure V7 virtual machines to all customers globally.

Setting a new standard for server-local key protection at scale

With Azure Integrated HSM, encryption keys are generated, stored, and used entirely within hardened hardware. Keys are designed to never appear in host memory, guest memory, or software processes even during active cryptographic operations. By keeping keys within the hardware boundary at all times, Azure Integrated HSM eliminates entire classes of key and credential exfiltration attacks that target memory or software layers.

The result is true customer control enforced by silicon, not policy. Security is no longer dependent on operational discipline or complex isolation assumptions; it is enforced by hardware.

Traditional cloud security models rely on centralized HSM services accessed over the network. While effective, these models introduce shared blast radius, scalability challenges, and performance constraints as workloads grow.

By anchoring cryptographic protection directly to the server, security scales naturally with compute. There are no shared bottlenecks, no added network hops, and no need to trade performance for protection. As Azure scales, security scales with it.

With hardware roots of trust, measured boot, and attestation, Azure Integrated HSM makes trust verifiable rather than contractual. Customers and regulators can cryptographically validate that approved hardware, firmware, and configurations are in place. This can be further verified by the open-source firmware. Trust is no longer something you accept; it is something you can prove.

Together, these capabilities establish a new baseline for cloud security, one in which hardware-enforced, verifiable trust is the default for modern workloads, from core infrastructure services to the next generation of AI. When combined with confidential computing, open silicon roots of trust, Azure Boost, and datacenter-level secure control modules, the Azure Integrated HSM helps establish a vertically integrated chain of trust, from silicon to software.

We invite customers, partners, and the broader open-source community to contribute to the architecture and help shape future standards. Together, we can build secure, sovereign, and open cloud infrastructure for the challenges ahead.

For additional information, read the announcement blog and learn more about Azure Security.