Running an HSM cluster requires a wide range of know-how, resources, processes, and policies. This HSM-specific know-how rarely belongs to the core competences of IT officers. By outsourcing HSM cluster management to trusted experts with Securosys CloudHSM, companies can easily achieve full compliance with security standards while maintaining full focus on their core business.
Our HSM as a service runs on a partition of a Securosys Primus HSM cluster. Each partition is securely separated and can be individually controlled, configured, and complemented with various applications. Managed from Switzerland, our regional and global HSM clusters are hosted in datacenters based in Switzerland, Germany, Singapore, or the US.
You don’t need to trust us with managing access to your secure keystore. With our Decanus Terminal’s Partition Administration functionality, you can fully control access to your partition, adjust the configuration, download backups, and even disable HSM administrators’ access to your partition. Get all the security advantages of your own HSM without the headaches and costs.
Hardware Security Module as a Service (HSM as a service). Made in Switzerland. Without backdoors. In an ultrasecure datacenter in the Swiss Alps. Globally available. Operated by the experts who have designed and manufactured the HSM for the Swiss payment clearing and settlement system.
Built and hosted by the experts who developed and produced the HSM for the Swiss payment clearing and settlement system.
Always up-to-date services and security measures with experts operating devices and updating firmware behind the scenes.
Seamless integration into existing systems via PKCS#11, OpenSSL, JCE/JCA, Windows CNG interface, or REST API.
Pre-configured and ready for 24/7 operation in minutes, requiring no in-depth knowledge of HSM.
CloudHSM is a turnkey service and can be activated immediately, requiring no evaluation and setup project.
Low investment costs, low cost of ownership. No initial costs or tied up capital, with full scalability to meet growing demand.
Remote partition administration, including configuration, backup, restore, or setting access data.
Decanus Terminal enables you to remotely administer your partition, including configuration, backup / restore, or setting access data. You don’t even have to trust the HSM operator.
Ready to use
No setup or hardware evaluation. You don't lose any time on system configuration. The system is preconfigured for 24/7 service and operational within hours.
No time and effort
Our experts run the devices and keep the system and security up to date. Your own staff need no additional training and perform no installation or maintenance, so you have more time for your core business.
Secure legal system
The data is subject to Swiss law, which assures one of the highest levels of data protection worldwide.
Security hardened
Your data is kept in a Primus Hardware Security Module. Access by our experts or other CloudHSM users is impossible. Data protection is always guaranteed.
Highest availability
The HSMs are located in two datacentres. Every location features double internet access (multi-homed), thus guaranteeing no downtime.
Highest trustworthiness
We use our own ultrasafe Securosys Primus HSM that we have developed and manufactured in Switzerland. It is the very same platform that the operators of the Swiss banking system (SIX/SIC) use and trust.
Highest standards
FIPS 140-2 Level 3 and Common Criteria EAL4+ EN 419 221-5 certified Primus HSM. Service operation and data centers comply with ISO 27001 and with BaFin and FINMA circulars. They therefore meet the requirements of most applications.
Security policy à la carte
You don't have to hammer out a security policy from scratch, because the service is set up with a best practice policy. You can change the policy according to your needs.
Best price-performance ratio
With our service you have no initial costs and no capital lock-up. Operation is outsourced. Cost of ownership is reduced enormously.
Simple integration
Many options
The applications are diverse. The connection is established via PKCS#11, JCE/JCA, Microsoft CNG interface or REST API.
Easy migration from the cloud
If you decide to leave our service and insource your HSM, you can do so simply by activating your on-premise backup HSM.
Ultra-Secure Devices
Certification
Specific HSM cluster available in strict FIPS mode and Common Criteria compliant mode according to EN 419 221-5 for eIDAS or ZertES applications. Specific HSM cluster available in strict FIPS mode. Operation of the service and the data centers complies with ISO 27001, tier III. Additionally, the backup data center provides protection from electromagnetic pulse (EMP/HMP, BSI zone 3 / NATO zone 2).
Complete Isolation
Access to the key storage by other CloudHSM users or the CloudHSM experts is impossible. With Decanus Terminal Partition Administration you perform all management tasks yourself; you can even lock out the HSM operations team from any management activities on your partition.
Strong Redundancy
The data remains accessible even in the event of damage from natural hazards. It is mirrored at three geographically separate locations, one in a former military bunker in the Swiss Alps.
Failure-Free Operation
Storage in two data centers and a backup location guarantees maximum availability. Each location has a redundant internet connection, and every site uses different internet providers.
Key Attestation
The Primus HSM in CloudHSM features a CC EAL4+ certified keystore, protecting a factory-installed root certificate and root key. The device then creates its own intermediary (device) key, and its certificate is signed by the root key. The intermediary key is then used to sign the attestation and timestamp keys created for each partition. This provides proof to you or any trust service provider that your keys are held securely on a Primus HSM.
LibC Swiss PKI
libC Technologies provides expert software development in IT security, authentication, encryption and digital signature. Their product SwissPKI is a feature-rich, fully integrated Public Key Infrastructure service which helps expand your enterprise security: from large-scale deployments to embedded or CloudHSM solutions, the service provides all necessary out-of-the-box components to increase your digital security in a safe, simple and quick way.
CREALOGIX
CREALOGIX is a Swiss software house that operates globally. It is among the leading companies in the area of digital banking, digital payment and digital learning. CREALOGIX develops and implements innovative Fintech solutions.
CloudHSM offers a REST API or a wide range of API providers (client API software / libraries) that are installed on the application server and ensure secure communication with the HSM and provide automatic failover and load balancing. A complete HSM as a service solution.
Clients are free to choose the API that best suits their requirements: