External Key Management in Managed HSM
Analysis of External Key Management in Azure Managed HSM, including architecture, security risks, and operational overhead.
Roelf Zomerman is a Microsoft Cloud Solution Architect and Certified Master specializing in Azure, Active Directory, and complex enterprise infrastructures.
25 articles from this blog
Analysis of External Key Management in Azure Managed HSM, including architecture, security risks, and operational overhead.
Analysis of AI's role in data sovereignty, focusing on economics, data interaction, and the shift from storage concerns to query visibility.
Analysis of Big Tech sovereignty, trust, and the distinction between consumer and enterprise terms and conditions.
A structured approach to discussing cloud sovereignty concerns, moving from emotion to risk assessment in IT.
Analysis of sovereignty risks in digital infrastructure, focusing on trade-offs between global providers like M365 and local alternatives.
Analysis of Europe's ability to build a hyperscale cloud provider, exploring the history, economics, and technical challenges of competing with global tech giants.
Explores trade-offs between hyperscale and local hosting for sovereignty, focusing on security, dependencies, and risk acceptance in IT infrastructure.
Analysis of sovereignty risks in cloud computing, focusing on legal frameworks, data access, and service availability across jurisdictions.
Explores digital sovereignty in public cloud, examining geopolitical, legal, and technical challenges beyond data residency.
Explains how to implement sovereign controls in Azure using policies for data residency, encryption, and confidential computing.
Analyzes hardware differences between hyperscale cloud providers (AWS, Azure) and smaller cloud providers, focusing on custom silicon and security.
Explains and compares the four primary disk encryption options for Azure Virtual Machines, detailing their underlying architectures and use cases.
A guide to deploying Azure Confidential VMs with memory encryption, including a PowerShell script to automate the setup process.
Explores Client-Side Encryption (CSE) and its role in data security, comparing it to server-side methods and discussing its advantages and security considerations.
Compares External Key Store and Azure Managed HSM for secure cryptographic key storage and management in cloud environments.
Explains modern cloud disaster recovery and resilience using Availability Zones, contrasting with legacy data center approaches.
Two PowerShell scripts for migrating Azure VMs, VMSS, disks, and NICs between availability zones or from regional to zonal deployment.
A guide and script for converting existing Azure Virtual Network Gateways to zone-redundant or zonal configurations to leverage Availability Zones.
Explains how to use Microsoft's API and a PowerShell script to check Azure Availability Zone mappings between different subscriptions for deployment planning.
A technical guide on configuring BGP filters on Juniper SRX devices to control route advertisements, specifically for an AnyCast DNS setup.