Our Securosys Clouds HSM offers data security at minimal expense. It is an HSM as a service. It suits organizations that handle sensitive customer data and consider an HSM of their own too expensive or not worthwhile.
Running an HSM cluster professionally requires a wide range of know-how and resources. Policies and processes need to be defined, while the missing know-how rarely belongs to the core competences of IT officers. But there is a solution for organizations that have neither the skills nor the possibility to acquire them: they can outsource the task to the experts of Securosys Clouds HSM.
The HSM as a service consists of a partition on a Primus HSM cluster that we design and manufacture ourselves in Switzerland. We also operate these highly secure, high-performance devices in Switzerland, which means the data are subject to Swiss data protection law, one of the strictest in the world. The partitions are securely separated and can be individually controlled, configured and complemented with various applications.
Factsheet Securosys Clouds HSM (pdf)
Hardware Security Module as a Service. Made in Switzerland. Without backdoors. In an ultra-secure data center in the Swiss Alps. Operated by the experts who have designed and manufactured the HSM for the Swiss payment clearing and settlement system.
- Ready to use: No setup or hardware evaluation. You don't lose any time on system configuration. The system is preconfigured for 24/7 service and operational within hours.
- No time and effort: Our experts run the devices and keep the system and security up to date. Your own staff need no additional training and do no installation or maintenance. Thus you have more time for your core business.
- Secure legal system: The data are subject to Swiss law, which assures one of the highest levels of data protection worldwide.
- Highest level of security hardening: Your data is kept in a Primus Hardware Security Module. Access by our experts or other Clouds HSM users is impossible. Data protection is always guaranteed.
- Highest availability: The HSMs are located in two datacentres. Every location features double internet access (multi-homed), thus guaranteeing no downtime.
- Highest trustworthiness: We use our own ultra-safe Securosys Primus HSM that we have developed and manufactured in Switzerland. It is the very same platform that the operators of the Swiss banking system (SIX/SIC) use and trust.
- Highest standards: Our devices are being certified for FIPS 140-2 Level 3 and are located in data centers complying with ISO 27001. Thus they meet the requirements of most applications.
- Security policy à la carte: You don't have to hammer out a security policy from scratch, because the service is set up with a best practice policy. You can change the policy according to your needs.
- Best price-performance ratio: With our service you have no initial costs, nor capital lockup. Operation is outsourced. Cost of ownership is reduced enormously.
- Simple integration: The service fits seamlessly into existing systems.
- Many options: Applications are manifold. Connection is established by PKCS#11, OpenSSL, JCE/JCA, or CNG interface (for MS Windows).
- Easy migration from the cloud: In case you decide to leave our service to insource your HSM, you may do so simply by activating your on-premise backup HSM.
- Public Key Infrastructure (PKI): Hardware-protected, safe key generation, storage and usage for certificates of PKI applications. Today every Microsoft server with Active Directory Certificate Services (AD CS) provides an integrated PKI solution. By means of a Key Storage Provider (KSP) and Clouds HSM, certificates for the authentication of persons, devices, servers, Secure E-Mail (S/MIME), Encrypting File System (EFS), SSL or IPsec VPN connections can be issued and managed centrally, in compliance with Microsoft recommendations.
- Safeguarding transactions: Integrity, confidentiality and traceability of transaction messages in e-payment can be assured by means of signature and encryption.
- Document signing, document archiving (digital seal)
Exchange and archiving of digital documents is largely standardized. For a legally valid verification of origin and integrity, such documents must be signed digitally. Usually key storage and signature are subject to compliance requirements (FIPS 140-2) that Clouds HSM meets. Appropriate standard interfaces ensure integration into document management systems or, for example, into PDF document signing and encryption applications.
- Database encryption
In databases (Microsoft SQL Server, Oracle), confidentiality of sensitive data can be guaranteed by transparent data encryption without having to change the overlying database application. Integrating Clouds HSM in order to separate the keys from the documents enables compliance with official and privacy regulations.
- Code signing
Applications are often spread over networks with inconsistent security policies. Thus they risk being manipulated. With code signing, applications are signed in order to guarantee authentication and integrity and to underline the credibility of the author. Depending on the operating system (MS Windows, macOS) and code type, a valid signature is required for execution of the code. In general, storage of the private key in certified hardware is required. Alternatively, Clouds HSM can be applied.
Swisscom is known as the leading Swiss telecom company. It also has a strong IT subsidiary.
CREALOGIX is a Swiss software house that operates globally. It is among the leading companies in the area of digital banking, digital payment and digital learning. CREALOGIX develops and implements innovative Fintech solutions.
Keyon is a leading provider of solutions and services in the area of IT-security and custom software development. The company has been operating since 1999 and has customers in the area of finance, insurance, trade, industry, telecommunication and federal government.