Swiss HSM as a Service.
When safety is important. When you don't want to operate HSM yourself. When scalability is required.
CloudsHSM is a hardware security module (HSM) cloud service. It allows users to generate encryption keys, use them and store them securely without having to worry about time-consuming tasks such as evaluating, setting up, maintaining and updating their own HSM. Instead, experienced experts take care of it. CloudsHSM uses HSMs from the manufacturer that also supplied the devices for the Swiss Interbank Clearing.
Running an HSM cluster professionally requires a wide range of know-how, resources, processes and policies. It is precisely this HSM-specific know-how that rarely belongs to the core competences of IT officers. But there is a solution for organizations that have neither the skills nor the possibility to acquire them: they can outsource the task to the experts of Securosys CloudsHSM.
The HSM as a service consists of a partition on a Primus HSM cluster that we design and manufacture ourselves in Switzerland. We also operate these highly secure and high-performance devices in Switzerland, which means the data are subject to Swiss data protection law, one of the strictest in the world. The partitions are securely separated and can be discretely controlled, configured and complemented with various applications.
You don’t need to trust us with managing access to your secure keystore. With our Decanus Terminal’s Partition Administration functionality, you can fully control access to your partition, make configuration changes, download backups, and even disable the HSM administrators' access to your partition. This way you get all the security advantages of your own HSM without all the headaches and costs.
Hardware Security Module as a Service. Made in Switzerland. Without backdoors. In an ultra-secure data center in the Swiss Alps. Operated by the experts who have designed and manufactured the HSM for the Swiss payment clearing and settlement system.
The system is pre-configured and ready for 24/7 operation within minutes. No in-depth knowledge of HSM required. The HSM are managed by Securosys experts.
The data is located in Switzerland, which means strong data protection and the highest political stability. The HSMs are located in ISO 27001-compliant data centers and are certified according to FIPS-140-2 Level 3.
Decanus Terminal enables you to remotely administer your partition, including configuration, backup / restore or setting access data. You don’t even have to trust the HSM operator.
Ready to use
No setup or hardware evaluation. You don't lose any time on system configuration. The system is preconfigured for 24/7 service and operational within hours.
No time and effort
Our experts run the devices and keep the system and security up to date. Your own staff need no additional training and do not have to perform any installation or maintenance. Thus you have more time for your core business.
Secure legal system
The data are subject to the Swiss law that assures one of the highest levels of data protection worldwide.
Highest level of security hardening
Your data is kept in a Primus Hardware Security Module. Access by our experts or other CloudsHSM users is impossible. Data protection is always guaranteed.
Highest availability
The HSMs are located in two datacentres. Every location features double internet access (multi-homed), thus guaranteeing no downtime.
Highest trustworthiness
We use our own ultra-safe Securosys Primus HSM that we have developed and manufactured in Switzerland. It is the very same platform that the operators of the Swiss banking system (SIX/SIC) use and trust.
Highest standards
FIPS-140-2 Level 3 certified Primus HSM. Service operation and data centers comply with ISO 27001 and FINMA circulars. Thus they meet the requirements of most applications.
Security policy à la carte
You don't have to hammer out a security policy from scratch, because the service is set up with a best practice policy. You can change the policy according to your needs.
Best price-performance ratio
With our service you have no initial costs, nor capital lockup. Operation is outsourced. Cost of ownership is reduced enormously.
Simple integration
Many options
Applications are manifold. Connection is established via the PKCS#11, OpenSSL, JCE/JCA, or CNG interface (for MS Windows).
Easy migration from the cloud
If you decide to leave our service and insource your HSM, you may do so simply by activating your on-premise backup HSM.
Ultra-Secure Devices
Certification
The Primus HSM are FIPS 140-2 Level 3 certified and operated in normal mode. A specific HSM cluster is available in strict FIPS mode. Operation of the service and the data centers complies with ISO 27001, tier III. Additionally, the backup data center provides protection from electromagnetic pulse (EMP/HMP, BSI zone 3 / NATO zone 2).
Complete Isolation
Access to the key storage by other CloudsHSM users or the CloudsHSM experts is impossible. With Decanus Terminal Partition Administration you perform all management tasks yourself; you can even lock out the HSM operations team from any management activities on your partition.
Strong Redundancy
The data remains accessible even in the event of damage from natural hazards. It is mirrored at three geographically separate locations, one in a former military bunker in the Swiss Alps.
Failure-Free Operation
Storage in two data centers and a backup location guarantees maximum availability. Each location has a redundant internet connection, and every site uses different internet providers.
Key Attestation
The Primus HSM in CloudsHSM feature a CC EAL4+ certified keystore, protecting a factory-installed root certificate and root key. The device then creates its own intermediary (device) key, and its certificate is signed by the root key. The intermediary key is then used to sign the attestation and timestamp keys created for each partition. This provides proof to you or any trust service provider that your keys are held securely on a Primus HSM.
LibC Swiss PKI
libC Technologies provides expert software development in IT security, authentication, encryption and digital signature. Their product SwissPKI is a feature-rich, fully integrated Public Key Infrastructure service which helps expand your enterprise security: from large-scale deployments to embedded or CloudsHSM solutions, the service provides all necessary out-of-the-box components to increase your digital security in a safe, simple and quick way.
CREALOGIX
CREALOGIX is a Swiss software house that operates globally. It is one of the leading companies in the area of digital banking, digital payment and digital learning. CREALOGIX develops and implements innovative Fintech solutions.
Our CloudsHSM is a very flexible HSM-as-a-service offering. You can choose between economical options where HSMs are shared by multiple users, each securely isolated in their own partition. Even if you operate HSMs yourself, our sandbox service can be a hassle-free alternative for a test and pre-production environment.
If you do not want a shared solution, the Platinum Service is the right choice for you. With Platinum, dedicated HSMs carry only your keys and data. Some of our customers even buy HSMs to attain full custody and then have them run and operated in our CloudsHSM service managed by Securosys.
The Securosys CloudsHSM service can be further tailored to your needs. Mixed-mode operation with on-premise HSM combined with CloudsHSM is possible. You may also upgrade from the shared service to dedicated HSM. Alternatively, we can also set up a CloudsHSM service inside your enterprise or department, simplifying and centralizing HSM service for your internal customers. Please contact us for an offer.
Subscription type
2x2 +1, 5 HSM in 3 data centers | 2x1 +1, 3 HSM in 3 data centers | 2x1, 2 HSM in 2 data centers (in debug mode) | Dedicated HSMs hosted in data centers | Dedicated HSMs hosted in data centers
Up to 1'200 Sig./Min | Up to 600 Sig./Min | Best available (in debug mode) | Up to 1'200 Sig./Min | Up to 12'000 Sig./Min
200 MB | 100 MB | 200 MB | 120 MB* | 240 MB*
Support availability, response time critical/major/minor: 24 x 7 x 365, 1/4/8h | 24 x 7 x 365, 2/8/24h | 24 x 7 x 365, 8/12/24h | 24 x 7 x 365, 1/4/8h | 24 x 7 x 365, 1/4/8h
Pricing (EUR) / month
* More options available: additional partitions, customer owned HSM operation
** High Availability (HA) cluster with synchronized data available in active/active mode
*** Performance measured in #RSA4096/ECC521 signatures per minute
ES is the package for companies who put the highest requirements on availability, redundancy of data storage, capacity and performance. It includes a user space (Partition) of 200MB, which is kept synchronously on 4 physical HSM in geographically separated data centers for failover and load balancing. Additionally, the data is mirrored to an HSM in the fortified backup data center. ES users benefit from comprehensive support.
ECO is the package for small and medium-sized enterprises (SMB/SME). It offers exactly the performance you need at an affordable price. A user space (Partition) includes 100MB in a cluster of 2 synchronous HSM. Additionally, the data is mirrored to an HSM in the fortified backup data center. ECO is also suitable as a cost-effective backup for on-premise HSM.
Contact us if you want to know more about our products and offering.