Skip to main content

Overview

CloudHSM is a highly flexible HSM as a Service solution. You can choose from Platinum Service options, which offer dedicated HSMs; Economy Service, which provides multi-tenant HSMs with secure individual partitions; Sandbox Service for test and pre-production environments; and Hosted Operation Services.

Economy (ECO), Economy Certified Mode (ECO CC) and Sandbox (SBX) are multi-tennant HSM subscriptions. The subscriber obtains unique access to his partition on an HSM cluster for secure key storage and usage. The clusters in these packages are formed by 2 active HSMs in 2 active Datacenters and a third HSM in an Nato Zone 2 Electro Magnetic Puls protected bunker in the alps which serves as a backup and desaster recovery facility.

ECO is our general purpose package whereas ECO CC is operated in Common Criteria mode and is certified according CC EN 419 221-5 which is relevant for eIDAS compliant qualified signatures. SBX is our dedicated package for integration and pre-production testing. Firmware updates will be deployed on SBX first for our customers to test and verify, before it is roled out onto our ECO, ECO CC and Platinum production environments.

If you do not want a multi-tennant solution, the Platinum Service is the right choice for you. With Platinum, we offer the managed service of a dedicated HSM. The subscriber decides on the cluster size, performance, capacity and deployment locations in our datacenters. For more information and options, please contact Securosys sales.

Upon request, Securosys also offers Hosted Operation Services of your purchased Primus HSM within the CloudHSM environment.

The table below provides an overview of the different CloudHSM Service Packages that are currently available.

Economy
(ECO)
Economy Certified Mode
(ECO CC)
Sandbox
(SBX)
PLATINUMPLATINUM
(Enterprise)
Bring Your Own Key
(BYOK)
Subscription Type
Multi-tennant HSM subscription
Multi-tennant HSM subscription
Multi-tennant HSM subscription
Dedicated HSM subscription
Dedicated HSM subscription
Multi-tennant HSM subscription
Platform
2x1 +1
3 HSM in 3 data centers
2x1 +1
3 HSM in 3 data centers
2x1
2 HSM in 2 data centers
(Testing)
Dedicated HSMs hosted in data centers
Dedicated HSMs hosted in data centers
2x1 +1
3 HSM in 3 data centers
Performance
Up to 600 Sig./Min
Up to 600 Sig./Min
Best available
Up to 1`200 Sig./Min
Up to 12`000 Sig./Min
-
Capacity
10 MB
10 MB
10 MB
120 MB
240 MB
1 MB
Support
Availability
Response time
(critical/major/minor)
24 x 7 x 365
2/8/24h
24 x 7 x 365
2/8/24h
24 x 7 x 365
8/12/24h
24 x 7 x 365
1/4/8h
24 x 7 x 365
1/4/8h
24 x 7 x 365
2/8/24h
note

For more details, please refer to the latest Terms and Conditions.

Platform

High Availability (HA) cluster with synchronized data available in active/active mode and in case of ECO, ECO CC or BYOK, a 3rd HSM that is located in a Business Continutity Data Center.

Performance

A consistent performance on ECO and ECO CC packages is garanteed, measured as the average number of RSA4096/ECC512 signatures processed per minute over a 24-hour window. No hard rate limit is imposed. Performance fluctuations may be observed in short intervals.

Capacity

A partition is defined as the amount of user space in megabytes (MB) allocated on each HSM in the cluster for storing objects and partition logs.

Sandbox (SBX)

The Sandbox (SBX) is designed exclusively for integration and testing purposes. It offers a secure and controlled environment where developers and subscribers can experiment with new features, configurations, and workflows without affecting production systems. Sandbox is not intended for productive use; it is strictly for non-productive usage, operating with a simplified segregation of duties.

Keep Control

You don’t need to trust us with managing access to your secure keystore. With our Decanus Terminal’s Partition Administration functionality, you can fully control access to your partition, make configuration changes, download backups, and even disable HSM administrators access to your partition. This way you get all the security advantages of your own HSM without all the headaches and costs.

Configuration Options

All CloudHSM service packages can be individually configured with regards to the required API integration and optional packages for Crypto Currencies, Smart Key Attributes, Post-Quantum Cryptographic (PQC) Algorithms and Transaction Security Broker.

Furthermore, in the Partition Security Pollicy, policy settings with regard to Key Import, Key Export and Key Invalidation can be set and access to the CloudHSM partition can be further restricted to a list of whilelisted source IP-addresses.