The Securosys HSM has moved to the Cloud: On September 26 Securosys celebrated the launch of its new service ‘Clouds HSM’ in the Clouds Bar, which is located on the 35th floor of the Prime Tower above the rooftops of Zurich.
"We created Clouds HSM because of customer requests", Reto Stäuble, Head of Business Development at Securosys, said when presenting the new Securosys service. He added that customers with IT responsibility expressed a need for secure storage of digital keys but didn’t want to deal with the operation and maintenance of an HSM. Instead, they prefer HSM as a service. It’s obvious that HSM as a service is a good solution in some cases, considering its advantages: You don’t need to start a hardware evaluation, you don’t have to care about setup, and the service is available within minutes. The investment costs are low, and so is the total cost of ownership (TCO). Maintenance and operation are taken care of by Securosys’ experts.
HSM as a Service: flexible and attractive
You are flexible regarding performance: you may adjust it according to your needs. The service is suitable for a wide variety of applications and is based on the proven Primus HSM, which has been developed by Securosys. It is operated wholly in Switzerland and under Swiss law. Also, you get the service for an attractive price. So far, four different service packages are available: "Enterprise Standard", "Economy SME", "Sandbox" and, starting from 2018, "Platinum", with dedicated HSMs.
The keynote speakers René Eberhard, CEO from Keyon, and Peter Amrhyn, Head of Engineering Security Offerings at Swisscom, presented use cases for the Clouds HSM:
Microsoft: signature keys generated in certified hardware
Keyon intends to use Clouds HSM for a solution they established a long time ago. It has proven effective even when signing millions of documents during year-end accounting, for example. This application, called ‘true-Sign’, is now available as ‘true-Sign V Cloud’. "The solution is suitable for all applications running on Windows. You can use it for signing PDF or MS Office documents, for signing application code and macros, or for managing signature keys", explained René Eberhard. Microsoft released more restrictive guidelines for code signing at the beginning of 2017. Since then, signature keys need to be generated in hardware certified to FIPS 140-2 Level 2 or higher. Clouds HSM fulfills these guidelines because the underlying (physical) Securosys HSMs will be certified to FIPS 140-2 Level 3.
Swisscom expects an imminent run on electronic signatures
Swisscom expects a run on digital signatures because the law on electronic signatures (ZertES) has been in effect since January 2017. That means that an electronic signature is now as valid as a hand-written signature under certain conditions. Swisscom anticipates a growing need for electronic signatures "on demand". "The bottleneck for signature generation will be located in the HSMs. Therefore, we need a pool of high-performance devices for high capacities", Peter Amrhyn stated.
The participants had the opportunity to put questions to Securosys experts during the following reception with a breathtaking view over Zurich at night.
The participants had the opportunity to ask questions to Securosys experts during the following reception with a breathtaking view over nightly Zurich.
René Eberhard: Swiss Signature Innovation
At the beginning of 2017, Microsoft changed the guidelines for code signing drastically: The signature keys have to be generated and stored in hardware that is certified according to FIPS 140-2 Level 2. The goal is integrity and authenticity of the applications as well as fewer attack vectors for malware. One way to adhere to these guidelines is true-Sign V in combination with Clouds HSM from Securosys. In his talk, René Eberhard detailed what the solution looks like.
René Eberhard is CEO and co-founder of Keyon. He is involved in many strategic IT security projects as a senior consultant. In 1997, he graduated from the Hochschule Rapperswil as an electrical engineer and complemented his education with a degree in business and software engineering.
Peter Amrhyn: HSM as a service at Swisscom
When talking about digitization, the digital signature plays a key role. It enables the legally valid signing of contracts over the internet. Swisscom sees large potential here, not only with private customers but also with business customers. Swisscom is preparing for this boom with its highly scalable "All-in Signing Service". In the background, HSMs are required to keep all the signing keys safe.
Peter Amrhyn is Head of Engineering Security Offerings at Swisscom. He is responsible for the architecture and engineering of Mobile ID, All-in Signing Service, PKI, and SwissTrustRoom. Peter got his degree from ETH Lausanne. He is currently studying part-time at Hochschule St. Gallen for a postgraduate degree.
Blog post "HSM in the cloud – what to watch out for?"