Overview

CloudHSM is a highly flexible HSM as a Service solution. You can choose from Platinum Service options, which offer dedicated HSMs; Economy Service, which provides multi-tenant HSMs with secure individual partitions; Sandbox Service for test and pre-production environments; and Hosted Operation Services.

Economy (ECO), Economy Certified Mode (ECO CC) and Sandbox (SBX) are multi-tenant HSM subscriptions. The subscriber obtains unique access to their partition on an HSM cluster for secure key storage and usage. The clusters in these packages are formed by 2 active HSMs in 2 active data centers and a third HSM in a NATO Zone 2 electromagnetic pulse (EMP) protected bunker in the Alps, which serves as a backup and disaster recovery facility.

ECO is our general-purpose package, whereas ECO CC is operated in Common Criteria mode and is certified according to CC EN 419 221-5, which is relevant for eIDAS-compliant qualified signatures.

SBX is our dedicated package for integration and pre-production testing. Firmware updates are deployed on SBX first for our customers to test and verify, before they are rolled out onto our ECO, ECO CC and Platinum production environments.

If you do not want a multi-tenant solution, the Platinum Service is the right choice for you. With Platinum, we offer the managed service of a dedicated HSM. Starting from two HSM devices, the subscriber decides on the cluster size, number of partitions, capacity and deployment locations in our worldwide datacenters. For more information and options, please contact Securosys sales.

Upon request, Securosys also offers Hosted Operation Services of your purchased Primus HSM within the CloudHSM environment.

The table below provides an overview of the different CloudHSM Service Packages that are currently available.

| | Economy (ECO) | Economy Certified Mode (ECO CC) | Sandbox (SBX) | Platinum | HSM Operation Service | Bring Your Own Key (BYOK) |
|---|---|---|---|---|---|---|
| Subscription Type | Multi-tenant HSM subscription | Multi-tenant HSM subscription | Multi-tenant HSM subscription | Dedicated HSM subscription | Dedicated HSM purchased (customer owned) | Multi-tenant HSM subscription |
| Platform | 2x1 +1: 3 HSM in 3 data centers | 2x1 +1: 3 HSM in 3 data centers | 2x1: 2 HSM in 2 data centers (Testing) | Dedicated HSMs hosted in data centers | Dedicated HSMs hosted in data centers | 2x1 +1: 3 HSM in 3 data centers |
| Performance | Up to 600 Sig./Min | Up to 600 Sig./Min | Best available | Up to 12'000 Sig./Min | Up to 120'000 Sig./Min | - |
| Capacity | 10 MB | 10 MB | 10 MB | 120 MB | 30 GB | 1 MB |
| Support availability | 24 x 7 x 365 | 24 x 7 x 365 | 24 x 7 x 365 | 24 x 7 x 365 | 24 x 7 x 365 | 24 x 7 x 365 |
| Support response time (critical/major/minor) | 2/8/24h | 2/8/24h | 8/12/24h | 2/8/24h | 2/8/24h | 2/8/24h |

Note: For more details, please refer to the latest Terms and Conditions.

Platform

High Availability (HA) cluster with synchronized data available in active/active mode and, in the case of ECO, ECO CC or BYOK, a third HSM located in a Business Continuity Data Center.

Performance

Consistent performance on ECO and ECO CC packages is guaranteed, measured as the average number of RSA4096/ECC512 signatures processed per minute over a 24-hour window. No hard rate limit is imposed. Performance fluctuations may be observed in short intervals.

Capacity

A partition is defined as the amount of user space in megabytes (MB) allocated on each HSM in the cluster for storing objects and partition logs.

Sandbox (SBX)

The Sandbox (SBX) is designed exclusively for integration and testing purposes. It offers a secure and controlled environment where developers and subscribers can experiment with new features, configurations, and workflows without affecting production systems. Sandbox is not intended for productive use; it is strictly for non-productive usage, operating with a simplified segregation of duties.

Keep Control

You don’t need to trust us with managing access to your secure keystore. With our Decanus Terminal’s Partition Administration functionality, you can fully control access to your partition, make configuration changes, download backups, and even disable HSM administrators’ access to your partition. This way you get all the security advantages of your own HSM without all the headaches and costs.

Configuration Options

All CloudHSM service packages can be individually configured with regard to the required API integration and optional packages for Crypto Currencies, Smart Key Attributes, Post-Quantum Cryptographic (PQC) Algorithms and Transaction Security Broker.

Furthermore, in the Partition Security Policy, policy settings with regard to Key Import, Key Export and Key Invalidation can be set, and access to the CloudHSM partition can be further restricted to a list of whitelisted source IP addresses.