
In today’s digital landscape, data security is paramount. Encryption plays a critical role in safeguarding sensitive information, but securely storing encryption keys can be challenging. Traditional Hardware Security Modules (HSMs) provide robust protection but also demand substantial expertise, resources, and adherence to stringent security protocols. This is where CloudHSM comes in. It offers a cloud-based solution that delivers the benefits of traditional HSMs without the associated complexities.

 

What is CloudHSM?

CloudHSM is a cloud-hosted Hardware Security Module (HSM) service that enables you to perform cryptographic operations and manage encryption keys with enhanced security. This service is particularly beneficial for organizations with strict corporate, regulatory, or contractual compliance requirements. It also makes HSMs accessible to small and medium-sized businesses that may not have the in-house expertise and resources to manage them effectively.

Key Features of Securosys CloudHSM

  • Managed Service: Securosys CloudHSM is a managed HSM service that allows you to securely generate, store and use encryption keys with your applications, eliminating the need for on-premises hardware.  
  • Operates on a Patented HSM: Securosys CloudHSM operates on a proprietary hardware and software architecture, ensuring end-to-end control without intermediaries.
  • Flexible Deployment: Available as dedicated HSMs or multi-tenant HSMs, Securosys CloudHSM can be tailored to meet various security and compliance needs.
  • Global Availability: Compatible with all major cloud service providers, Securosys CloudHSM is accessible through regional clusters in Switzerland, Germany, Singapore, the US, and globally: Swiss CloudHSM, CloudHSM Europe, CloudHSM USA, CloudHSM Asia.
  • Full Control: You don’t need to trust us with managing access to your secure keystore. With our Decanus Terminal’s Partition Administration functionality, you can control access, configure settings, manage backups, and disable HSM administrator access.
  • Extensive Cryptographic Features and API Integration: Securosys CloudHSM offers a broad range of cryptographic features to meet diverse security requirements. It also provides a REST API and a wide range of Primus API Providers (client API software/libraries) that ensure secure communication with the HSM and provide automatic failover and load balancing.

 

Who manages a CloudHSM?

The management of CloudHSM varies depending on the provider. At Securosys, when you subscribe to Securosys CloudHSM, you have full access to your CloudHSM, but management of the HSM is handled by Securosys on your behalf. We offer two different management options to suit varying needs:

  • Dedicated CloudHSM (Platinum Offer): Each customer uses their own dedicated HSM, ensuring exclusive access and control.
  • Multi-Tenant CloudHSM (Eco Offer): In this shared solution, customers are allocated a partition within an HSM, allowing for a cost-effective yet secure environment.

 

Are CloudHSMs as secure as on-premises HSMs?

CloudHSM is a cloud-hosted Hardware Security Module (HSM) service that delivers the same secured service as an HSM without requiring you to own and manage the hardware. It provides a secure and cost-effective path to full compliance with data security regulations. CloudHSM streamlines the generation, use, and storage of encryption keys and delegates maintenance and updates to security experts, allowing you to focus on your core business activities.

 

What is the difference between CloudHSM and Bring your own key (BYOK)?

BYOK involves generating keys on-premises and securely transferring them to your cloud service provider, thus allowing you to maintain control over the cryptographic keys you use in the cloud. In contrast, CloudHSM provisions cryptographic services in the cloud, offering maximum flexibility and control without the need for on-premises hardware. All key operations are performed inside the HSM, ensuring the keys are not exposed outside the secured HSM environment.

Enhance your cloud security by integrating CloudHSM with BYOK, achieving regulatory compliance and ensuring the security of sensitive data with top-tier hardware security module protection. Securosys also offers BYOK services. Discover more about Securosys BYOK.

 

What are typical use cases for CloudHSM?

CloudHSM can be used for various purposes, such as Public Key Infrastructures, Key Management, Identity and Access Management, Data Encryption, TLS Termination, Document Signing, Code Signing, or Crypto Custody applications. The HSM is accessible remotely to authenticated subscribers in a High-Availability / Fail Over configuration. As a subscriber, you create, manage, and use the cryptographic keys within your partition yourself and maintain full control over your key data.

Securosys CloudHSM encompasses the following services:

 

For more detailed information about Securosys CloudHSM, visit our resource library.

FAQs

Explore answers to common questions about Securosys CloudHSM, covering setup, regions, scalability, and secure cloud key management.
What is CloudHSM, and how does it differ from traditional HSMs?
CloudHSM is a service based on our hardware security modules hosted in Securosys’ own cloud, providing secure key storage and cryptographic operations without requiring physical hardware at the client’s premises. CloudHSM offers the same security level and capabilities as Securosys’ on-prem HSMs but is managed by Securosys. Securosys has no access to customer data.
Which server regions do you offer?
Securosys CloudHSM is available in the European Community, in Switzerland, in Asia and in the United States of America. For redundancy and availability purposes, these HSMs are deployed in a cluster configuration that keeps all data synchronous over multiple HSMs. With this setup, CloudHSM can offer any organization local, regional, or global HSM-clusters, providing access points in different locations, bringing latency down and offering the service in the relevant jurisdiction.
How do I integrate CloudHSM with my existing applications?
Integration with Securosys CloudHSM is seamless and supports a wide range of industry-standard APIs, including PKCS#11, OpenSSL, Microsoft CNG, JCE/JCA, and RESTful APIs. This makes it easy to integrate with various applications, including web services, enterprise systems, and cloud platforms. More details here.
Do I need to maintain any hardware or software?
No, CloudHSM is a fully managed service that automates hardware provisioning and software patching. It eliminates the need for upfront infrastructure investments, offering a scalable solution that simplifies security management and minimizes operational effort.
Does your CloudHSM subscription support Bitcoin and other cryptocurrencies?
Yes, Securosys CloudHSM supports multiple cryptocurrencies, including Bitcoin and many others. Most cryptocurrency algorithms are supported, including, for example, BLS and Schnorr. CloudHSM is designed to provide secure key management not only for cryptocurrency transactions but also for any type of blockchain-based solution.
What are the pricing models for CloudHSM?
CloudHSM is offered in a subscription model that can be tailored to meet diverse security needs. For more information, please contact Securosys Sales or visit the Cloud Console platform. More details on our service offerings here.
What kind of support and maintenance is provided with CloudHSM?
CloudHSM includes 24/7 support with comprehensive maintenance services. This ensures that your system stays up-to-date with the latest security features, software updates, and performance optimizations.
Is your service certified?
Yes, Securosys CloudHSM leverages Securosys Primus HSMs, certified for FIPS 140-2 Level 3, Common Criteria EAL4+, EN 419 221-5, and ISO/IEC 27001, ensuring top-tier security and compliance, which are required for sensitive data and cryptographic operations. More details here.
Securosys holds my key material. Is it possible to have my own backup?
Yes, while the CloudHSM service redundantly secures key material, one can additionally perform manual backups through the Decanus Remote Terminal. This ensures that CloudHSM users maintain full control over their keys and certificates and can recover them at any time. More details here.
Is there a migration path from Cloud to on-premises?
Absolutely. Securosys provides a smooth migration path from CloudHSM to on-prem HSM solutions. If you wish to move to a private or hybrid environment, we offer the necessary tools and support to transfer your key material securely between cloud and on-prem HSMs.