What is CloudHSM?
CloudHSM is a managed Hardware Security Module (HSM) service by Securosys. It provides secure, cloud-based HSMs for generating and managing encryption keys used by your applications. Built on proprietary hardware and software, CloudHSM offers end-to-end control without intermediaries.
Key Features
- Use Cases: Ideal for Public Key Infrastructures, Key Management, Identity and Access Management, Data Encryption, TLS-Termination, Document and Code Signing, Crypto Custody, and more.
- Deployment Options: Choose between dedicated HSMs or a multi-tenant setup. Available in Global, Swiss, European, North American, and Asia-Pacific clusters.
- High Availability: Clusters are synchronized across multiple HSMs for redundancy and low latency, offering local, regional, and global access points.
Service Packages
CloudHSM offers a variety of services tailored to different needs, ensuring flexibility and scalability for your organization:
HSM as a Service (HSMaaS)
- Multi-tenant HSM
- Dedicated HSM: exclusively owned and operated by Securosys, ensuring your keys and data remain isolated.
- Customer-owned HSM: Maintain full custody by owning the HSM while it’s operated by Securosys.
- Bring Your Own Key (BYOKaaS): a multi-tenant HSM for Bring Your Own Key purposes.
Compare the technical performance of each option to find the best fit for your security and performance needs.
Additional services
- Transaction Security Broker as a Service (TSBaaS)
- REST API as a Service (RESTaaS)
- Double Key Encryption as a Service (DKEaaS)
- Decanus Terminal’s Partition Administration: you maintain full control over your partition—manage access, make configuration changes, download backups, and even disable HSM administrator access. Enjoy the security benefits of owning an HSM without the associated hassles and costs.
The Securosys CloudHSM service can be further tailored to your needs. Mixed-mode operation, combining on-premise HSMs with CloudHSM, is possible. You may also upgrade from a multi-tenant service to dedicated HSMs.
Cryptographic Features
CloudHSM offers a range of cryptographic features:
- Secure random data generation.
- Key management (generation, storage, import, export).
- Data encryption and decryption (symmetric/asymmetric).
- HSM-backed certificate generation.
- File encryption based on ECIES for secure data handling.
- Key Attestation and Smart Key Attributes.
- Cryptocurrencies and Post-Quantum Cryptography.
Explore our service packages to find the perfect fit for your needs. Not all features are compatible with every package, so be sure to check the full list of features and options to see what aligns with your chosen service. Browse the options & features.
API Integration Options
CloudHSM offers a REST API and a selection of Primus API Providers (client API software / libraries), installed on your application server. These ensure secure communication with the HSM, along with automatic failover and load balancing.
- REST API (HTTPS)
  - Best suited for complex architectures (micro-services) with different software stacks and languages.
  - Use the Swagger UI for comprehensive API documentation, which helps in understanding the API structure and functionality and significantly reduces development time.
  - Upgradeable to Transaction Security Broker for Smart Key Attributes and Cryptocurrencies.
- JCE/JCA
  - Most flexible solution for Java integration.
  - Enhanced feature support for Smart Key Attributes, Cryptocurrencies, Key Attestation and more.
- PKCS#11
  - Best for applications that use the PKCS#11 standard interface, e.g. OpenSSL, Apache, NGINX, Public Key Infrastructures, Key Management Systems and many programming language libraries.
- Microsoft CNG
  - Best for Microsoft Windows operating systems.
  - Native integration for many applications using Microsoft's Cryptography Next Generation interface (CNG).
Integrations
CloudHSM is meant to work with a wide range of applications such as OpenSSL, Amazon Web Services (AWS), Docker Signing, Salesforce, HashiCorp and many more.