CloudsHSM is a hardware security module (HSM) cloud service. You could call it "managed HSM" or "HSM as a Service (aaS)". It allows users to generate encryption keys, use them, and store them securely without having to worry about time-consuming tasks like evaluating, setting up, maintaining, and updating their own HSM. Instead, experienced experts take care of it.
CloudsHSM is now available as Global or as a Regional Swiss, German, US, or Singapore Cluster. With CloudsHSM, Securosys, unlike competitors and public cloud providers, offers not only a local service from a data center but a globally synchronized system. The Global Cluster provides the lowest latency access to private keys (for signature and encryption) from anywhere in the world.
If you are looking for HSM key management for your cloud application, for example in conjunction with HashiCorp Vault, CloudsHSM is the cost-effective and secure solution, independent of your CSP such as AWS, Google, or Azure (HashiCorp/Securosys integration guide). Similarly, if you are using CyberArk for privileged access management, Securosys CloudsHSM lets you manage your keys and secrets anywhere, geo-redundant and with low latency.
Running an HSM cluster professionally requires a wide range of know-how, resources, processes and policies. It is precisely this HSM-specific know-how that rarely belongs to the core competences of IT officers. But there is a solution for organizations that have neither the skills nor the possibility to acquire them: they can outsource the task to the experts of Securosys CloudsHSM.
The HSM as a service consists of a partition on a Primus HSM cluster. Regional or global HSM clusters, managed from Switzerland, are available in Swiss, German, Singapore, or US datacenter locations. The partitions are securely separated and can be discretely controlled, configured and complemented with various applications.
You don’t need to trust us with managing access to your secure keystore. With our Decanus Terminal’s Partition Administration functionality, you can fully control access to your partition, make configuration changes, download backups, and even disable HSM administrators' access to your partition. This way you get all the security advantages of your own HSM without all the headaches and costs.
Hardware Security Module as a Service (HSM as a service). Made in Switzerland. Without backdoors. In an ultrasecure datacenter in the Swiss alps. Globally available. Operated by the experts who have designed and manufactured the HSM for the Swiss payment clearing and settlement system.
The system is pre-configured and ready for 24/7 operation within minutes. No in-depth knowledge of HSMs is required. The HSMs are managed by Securosys experts.
The data is located in Switzerland or, depending on the service package, in e.g. Germany, Singapore, USA, and Switzerland. This means strong data protection and the highest political stability. The datacenter and CloudsHSM operation are ISO 27001 certified. CloudsHSM is certified according to FIPS-140-2 Level 3. A special Common Criteria EAL4+ service, certified to EN 419 221-5, supports use for eIDAS or ZertES compliant signing services with qualified certificates.
Decanus Terminal enables you to remotely administer your partition, including configuration, backup / restore or setting access data. You don’t even have to trust the HSM operator.
Ready to use
No setup or hardware evaluation. You don't lose any time on system configuration. The system is preconfigured for 24/7 service and operational within hours.
No time and effort
Our experts run the devices and keep the system and security up to date. Your own staff need no additional training and do no installations or maintenance. Thus you have more time for your core business.
Secure legal system
The data is subject to Swiss law, which assures one of the highest levels of data protection worldwide.
Highest level of security hardening
Your data is kept in a Primus Hardware Security Module. Access by our experts or other CloudsHSM users is impossible. Data protection is always guaranteed.
Highest availability
The HSMs are located in two datacentres. Every location features double internet access (multi-homed), thus guaranteeing no downtime.
Highest trustworthiness
We use our own ultrasafe Securosys Primus HSM that we have developed and manufactured in Switzerland. It is the very same platform the operators of the Swiss banking system (SIX/SIC) use and trust.
Highest standards
FIPS-140-2 Level 3 and Common Criteria EAL4+ EN 419 221-5 certified Primus HSM. Service operation and data centers comply with ISO 27001 and with BAFIN and FINMA circulars. Thus they meet the requirements of most applications.
Security policy à la carte
You don't have to hammer out a security policy from scratch, because the service is set up with a best practice policy. You can change the policy according to your needs.
Best price-performance ratio
With our service you have no initial costs and no capital lockup. Operation is outsourced. Cost of ownership is reduced enormously.
Simple integration
Many options
The applications are diverse. The connection is established via PKCS#11, JCE/JCA, Microsoft CNG interface or REST API.
Easy migration from the cloud
In case you decide to leave our service to insource your HSM, you may do so simply by activating your on-premise backup HSM.
Ultra-Secure Devices
Certification
Specific HSM cluster available in strict FIPS mode and Common Criteria compliant mode according to EN 419 221-5 for eIDAS or ZertES applications. Specific HSM cluster available in strict FIPS mode. Operation of the service and the data centers comply with ISO 27001, tier III. Additionally, the backup data center provides protection from Electromagnetic Pulse (EMP/HMP, BSI zone 3 / NATO zone 2).
Complete Isolation
Access to the key storage by other CloudsHSM users or the CloudsHSM experts is impossible. With Decanus Terminal Partition Administration you perform all management tasks yourself; you can even lock out the HSM operations team from any management activities on your partition.
Strong Redundancy
The data remains accessible even in the event of damage from natural hazards. It is mirrored at three geographically separate locations, one in a former military bunker in the Swiss Alps.
Failure-Free Operation
Storage in two data centers and a backup location guarantees maximum availability. Each location has a redundant internet connection. Every site has different internet providers.
Key Attestation
The Primus HSMs in CloudsHSM feature a CC EAL4+ certified keystore, protecting a factory-installed root certificate and root key. The device then creates its own intermediary (device) key, and its certificate is signed by the root key. The intermediary key is then used to sign the attestation and timestamp keys created for each partition. This provides proof to you or any trust service provider that your keys are held securely on a Primus HSM.
LibC Swiss PKI
libC Technologies provides expert software development in IT security, authentication, encryption and digital signature. Their product SwissPKI is a feature-rich, fully integrated Public Key Infrastructure service which helps expand your enterprise security: from large-scale deployments to embedded or CloudsHSM solutions, the service provides all necessary out-of-the-box components to increase your digital security in a safe, simple and quick way.
CREALOGIX
CREALOGIX is a Swiss software house that operates globally. It belongs to the leading companies in the area of digital banking, digital payment and digital learning. CREALOGIX develops and implements innovative Fintech solutions.
CloudsHSM offers a REST API or a wide range of API providers (client API software / libraries) that are installed on the application server and ensure secure communication with the HSM and provide automatic failover and load balancing. A complete HSM as a service solution.
Clients are free to choose the API that best suits their requirements:
If you do not want a shared solution, the Platinum Service is the right choice for you. With Platinum, dedicated HSMs carry only your keys and data. Some of our customers even buy HSMs to attain full custody and then let them run and operate in our CloudsHSM service managed by Securosys.
Securosys CloudsHSM service can be further tailored to your needs. Mixed mode operation with on-premise HSM combined with CloudsHSM is possible. You may also upgrade from shared service to dedicated HSM. Alternatively, we can also set up a CloudsHSM service inside your enterprise or department, simplifying and centralizing HSM service for your internal customers. Please contact us for an offer.
Subscription type
2x1 +1 3 HSM in 3 data centers |
2x1 +1 3 HSM in 3 data centers |
2x1, 2 HSM in 2 data centers, (in debug mode) |
Dedicated HSMs hosted in data centers |
Dedicated HSMs hosted in data centers |
Up to 600 Sig./Min |
Up to 600 Sig./Min |
Best available (In debug mode) |
Up to 1'200 Sig./Min |
Up to 12'000 Sig./Min |
100 MB
100 MB
100 MB
120 MB* |
240 MB* |
Support Availability Response time critical/major/minor |
24 x 7 x 365 2/8/24h |
24 x 7 x 365 2/8/24h |
24 x 7 x 365 8/12/24h |
24 x 7 x 365 1/4/8h |
24 x 7 x 365 1/4/8h |
* More options available: additional partitions, customer owned HSM operation
** High Availability (HA) cluster with synchronized data available in active/active mode
*** Performance measured in #RSA4096/ECC521 signatures per minute
ECO is the package for small and medium-sized enterprises (SMB/SME). It offers exactly the performance you need at an affordable price. A user space (Partition) includes 100MB in a cluster of 2 synchronous HSMs. Additionally, the data is mirrored to an HSM in the fortified backup data center. ECO is also suitable as a cost-effective backup for on-premise HSM.
Contact us if you want to know more about our products and offering.