By Tim Bramble | January 08, 2015

After months of development and behind-the-scenes preparation, Microsoft has announced its Azure Key Vault. We were proud to be invited by Microsoft to participate in early development and integration of our CloudLink data security product with Azure Key Vault. You can read the formal announcement here. In this post, let me highlight a few important aspects of the news.

We, at CloudLink, have a mission to integrate services provided by operating systems, virtualization platforms and cloud providers with security solutions that are more than the sum of their parts. We do this by orchestrating key management and policy-based security control in ways that are easy to deploy and use by enterprise IT across the hybrid cloud.

Frequently, our customers tell us that they don’t want cloud providers to have complete control over encryption keys because of the data access this allows. However, customers do want to leverage the security, convenience and reliability of cloud-based key management. Given our customers’ concerns, we looked at how CloudLink could help them take advantage of the benefits of the hybrid cloud while leveraging the reliability and security of a cloud provider-hosted keystore.

As with many fruitful endeavors, the secret to success is finding optimal balance. For the hybrid cloud, the challenge is balancing the convenience of relying on a cloud provider for key management and the confidence of being the master of your own keys. With our CloudLink SecureVM solution, the cloud provider is responsible for key generation and storage. The customer controls the policy regulating key access and use. The following diagram illustrates how CloudLink SecureVM works with Microsoft Azure Key Vault.


A key point is that VMs secured by CloudLink SecureVM do not talk to Microsoft Azure Key Vault directly, but rather to CloudLink Center, the solution’s security policy and key management virtual appliance. CloudLink Center can be deployed anywhere in the hybrid cloud. When deployed in the private cloud, only the VM owner (the customer) has full control of CloudLink Center’s operation. In other words, both the customer and the provider have access to Microsoft Azure Key Vault, but only the customer has access to CloudLink Center and is, therefore, the only one with access to the VMs’ sensitive data.

The value of Microsoft Azure Key Vault is in its reliability, availability and features such as hardware-backed key generation and storage, not to mention its rich API. In this solution, the value of CloudLink lies in the degree of security control it gives customers while maintaining the automation and ease-of–use associated with the cloud.

But there’s more. Some of our customers place a high priority on hedging their bets, hesitating to use a single cloud environment exclusively. In particular, large enterprise customers–often with thousands of VMs running in the cloud and requiring security–want the same solution to work in at least two clouds (let’s say Microsoft Azure and Amazon Web Services, IBM SoftLayer, VMware vCloud Air or Google Cloud Compute).

Even if a customer makes Azure its primary cloud provider with Microsoft Azure Key Vault as its key store, this does not necessarily mean that all VMs will run exclusively in Azure. Typically, many operational and business considerations require the use of alternative cloud providers. CloudLink enables such use cases with ease. Just register VMs running CloudLink SecureVM, no matter where they are deployed, to a CloudLink Center connected to Azure Key Vault!



There you have it: a hybrid multi-cloud security solution that benefits from the convenience and security of cloud-based key generation and management, offered by Microsoft Azure Key Vault, while affording you exclusive control of, and access to, your sensitive VMs and their data.

If you’d like to give this a try, let us know and we’ll provide you with a preview version of CloudLink SecureVM which supports Microsoft Azure Key Vault.

Leave a Reply


We are very pleased to announce that CloudLink has been acquired by EMC Corporation.  EMC is the leader in delivering solutions that enable the world to store, manage and leverage data.  The EMC Enterprise Hybrid Cloud enables customers to deploy IT as a Service quickly and easily.  CloudLink is an award-winning provider of software-based data security solutions for hybrid clouds.  As part of EMC, CloudLink will empower customers to embrace the hybrid cloud while addressing concerns around data security and sovereignty, and maintaining regulatory compliance.

Since CloudLink turned its focus to cloud security more than four years ago, we have been heartened to witness the exponential growth of private, public and hybrid cloud and honored to help our customers embrace this new paradigm.  Our induction into the EMC Select partner program two years ago was both a privilege and an excellent opportunity for us to develop solutions that truly address customer needs.  We are eager to contribute to the customer value EMC delivers through its industry-leading innovation, service and support.

Above all, we’d like to extend our thanks to our customers, partners and employees, as well as everyone who has helped us evolve and innovate.  We are very excited to join the EMC family and look forward to continuing our joint commitment to making hybrid cloud a success. If you have any immediate questions, please do not hesitate to contact us at


The CloudLink Team
PS Read the story behind the acquisition.