Getting started
The Stormshield Encryption Platform (SEP) solution helps implementing Data Centric Security and Zero Trust (ZT) in your environment at multiple levels:
-
Application level: Integrate Zero Trust directly into your existing applications, or those currently under development (e.g., Google Workspace, Microsoft Office 365, healthcare applications, IoT, business),
-
Development process: Secure your data and access to your data during your development processes. For instance by securing private HTTPS keys or API tokens for CI/CD, GitOps, etc.,
-
Infrastructure level: Protect your secrets at the lowest level in your deployments, especially by securing Kubernetes.
Stormshield KMaaS is the backend component of this ecosystem and acts as a Policy Decision Point as defined in the Zero Trust architecture, securing and authorizing access to confidential data.
It includes the Double Key Encryption (DKE) module, which is dedicated to securing Microsoft Office files and emails in a Windows environment.
The DKE module allows you to configure your backend server to protect your data in a Microsoft environment. For more information, see the Microsoft documentation.
This module exposes:
-
A public key retrieval endpoint used by Microsoft to get the keys used during local encryption of Data Encryption Keys (DEKs),
-
A decryption endpoint used by Microsoft to request decryption of the previously encrypted DEKs.
All cryptographic material remains under the exclusive control of the Stormshield KMaaS.
NOTE
The use of the solution in any way other than as described in the documentation is not managed. Alternatively, get in touch with Stormshield Support for clarification.
This guide describes how to deploy the Stormshield KMaaS for DKE as an SaaS solution. To implement the solution on site, contact your Stormshield commercial referent at sales@stormshield.eu.