
HSM AS A SERVICE - Your Online Key Vault

CloudHSM is a hardware security module (HSM) cloud service. You could call it "managed HSM" or "HSM as a Service (aaS)". It allows users to generate encryption keys, use them, and store them securely without having to worry about time-consuming things like evaluation, setup, maintenance, and updating their own HSM. Instead, experienced experts take care of it.

CloudHSM is now available as Global or as a Regional Swiss, German, US, or Singapore Cluster. With CloudHSM, Securosys, unlike competitors and public cloud providers, offers not only a local service from a data center but a globally synchronized system. The Global Cluster provides the lowest latency access to private keys (for signature and encryption) from anywhere in the world.

If you are looking for HSM key management for your cloud application, for example in conjunction with HashiCorp Vault, CloudHSM is the cost-effective and secure solution, independent of your CSP, such as AWS, Google, or Azure (HashiCorp/Securosys integration guide). Similarly, if you are using CyberArk for privileged access management, Securosys CloudHSM lets you manage your keys and secrets anywhere, geo-redundantly and with low latency.

Ready to use and globally available

Always up-to-date and latest feature level

Managed and operated by experts

An easy integration


Excellent price/performance ratio

The highest data protection


HSM Cluster

Running an HSM cluster professionally requires a wide range of know-how, resources, processes and policies. It is precisely this HSM-specific know-how that rarely belongs to the core competences of IT officers. But there is a solution for organizations that have neither the skills nor the possibility to acquire them: they can outsource the task to the experts of Securosys CloudHSM.

Managed from Switzerland in Swiss, German, Singapore, or US Datacenters

The HSM as a service consists of a partition on a Primus HSM cluster. Regional or global HSM clusters are available, managed from Switzerland, in Swiss, German, Singapore, or US data center locations. The partitions are securely separated and can be discretely controlled, configured and complemented with various applications.

Keep Control

You don’t need to trust us with managing access to your secure keystore. With our Decanus Terminal’s Partition Administration functionality, you can fully control access to your partition, make configuration changes, download backups, and even disable HSM administrators' access to your partition. This way you get all the security advantages of your own HSM without all the headaches and costs.


What makes Cloud HSM unique

Hardware Security Module as a Service (HSM as a service). Made in Switzerland. Without backdoors. In an ultrasecure datacenter in the Swiss alps. Globally available. Operated by the experts who have designed and manufactured the HSM for the Swiss payment clearing and settlement system. 

Expert-Know-how
Built and hosted by experts who developed and produced HSM for Swiss payment transactions.
Up to date
Services and security measures always up to date. Experts operate the devices and update the firmware.
Easy to Integrate
The service fits seamlessly into existing systems. The connection is made via PKCS#11, OpenSSL, JCE/JCA, Windows CNG interface or REST API.
Ready to use

The system is pre-configured and ready for 24/7 operation within minutes. No in-depth knowledge of HSM required. The HSM are managed by Securosys experts.

No Effort
No evaluation and setup project necessary. CloudHSM is a turnkey service and can be activated immediately. Our experts operate the devices and keep them always up to date with the latest security standards.
Excellent Price-Performance Ratio
Low investment costs, low total cost of ownership. The service eliminates initial costs and does not tie up capital. In case of higher demand, more power can be obtained.
Highest Security

The data is located in Switzerland or, depending on the service package, in e.g. Germany, Singapore, the USA, and Switzerland. This means strong data protection and the highest political stability. The data center and CloudHSM operation are ISO 27001 certified. CloudHSM is certified according to FIPS 140-2 Level 3. A special Common Criteria EAL4+ service, certified to EN 419 221-5, supports use for eIDAS or ZertES compliant signing services with qualified certificates.

Full Control

Decanus Terminal enables you to remotely administer your partition, including configuration, backup / restore or setting access data. You don’t even have to trust the HSM operator.

The Advantages of Cloud HSM at a Glance

Features

Ready to use

No setup or hardware evaluation. You don't lose any time for system configuration. The system is preconfigured for 24/7 service and operational within hours.

No time and effort

Our experts run the devices and keep the system and security up to date. Your own staff need no additional training and do not have to do any installation or maintenance. Thus you have more time for your core business.

Secure legal system

The data are subject to the Swiss law that assures one of the highest levels of data protection worldwide.

Highest level of security hardening

Your data is kept in a Primus Hardware Security Module. Access by our experts or other CloudHSM users is impossible. Data protection is always guaranteed.

Highest availability

The HSMs are located in two datacentres. Every location features double internet access (multi-homed), thus guaranteeing no downtime.

Highest trustworthiness

We use our own ultrasafe Securosys Primus HSM that we have developed and manufactured in Switzerland. It is the very same platform the operators of the Swiss banking system (SIX/SIC) use and trust in.

Highest standards

FIPS 140-2 Level 3 and Common Criteria EAL4+ EN 419 221-5 certified Primus HSM. Service operation and data centers comply with ISO 27001 and BAFIN and FINMA circulars. Thus they meet the requirements of most applications.

Security policy à la carte

You don't have to hammer out a security policy from scratch, because the service is set up with a best practice policy. You can change the policy according to your needs.

Best price-performance ratio

With our service you have no initial costs, nor capital lockup. Operation is outsourced. Cost of ownership is reduced enormously.

Simple integration

The service fits seamlessly into existing systems.

Many options

The applications are diverse. The connection is established via PKCS#11, JCE/JCA, Microsoft CNG interface or REST API.

Easy migration from the cloud

If you decide to leave our service and insource your HSM, you can do so simply by activating your on-premise backup HSM.

Ultra-Secure Devices

CloudHSM is a service backed by the high performance and high security Primus HSM from Securosys.

Certification

Specific HSM cluster available in strict FIPS mode and Common Criteria compliant mode according to EN 419 221-5 for eIDAS or ZertES applications. Operation of the service and the data centers comply with ISO 27001, tier III. Additionally, the backup data center provides protection from electromagnetic pulse (EMP/HMP, BSI zone 3 / NATO zone 2).

Complete Isolation

Access to the key storage by other CloudHSM users or the CloudHSM experts is impossible. With Decanus Terminal Partition Administration you perform all management tasks yourself; you can even lock out the HSM operations team from any management activities on your partition.

Strong Redundancy

The data remains accessible even in the event of damage from natural hazards. It is mirrored at three geographically separate locations, one in a former military bunker in the Swiss Alps.

Failure-Free Operation

Storage in two data centers and a backup location guarantees maximum availability. Each location has a redundant internet connection. Every site has different internet providers.

Key Attestation

The Primus HSMs in CloudHSM feature a CC EAL4+ certified keystore, protecting a factory-installed root certificate and root key. The device then creates its own intermediary (device) key, and its certificate is signed by the root key. The intermediary key is then used to sign the attestation and timestamp keys created for each partition. This provides proof to you or any trust service provider that your keys are held securely on a Primus HSM.

LibC Swiss PKI

libC Technologies provides expert software development in IT security, authentication, encryption and digital signature. Their product SwissPKI is a feature rich, fully integrated Public Key Infrastructure service which helps expand your enterprise security: from large scale deployments to embedded or CloudHSM solution, the service provides all necessary out-of-the box components to increase your digital security in a safe, simple and quick way.



CREALOGIX

CREALOGIX is a Swiss software house that operates globally. It belongs to the leading companies in the area of digital banking, digital payment and digital learning. CREALOGIX develops and implements innovative Fintech solutions.


API Integration of Your Choice

CloudHSM offers a REST API or a wide range of API providers (client API software / libraries) that are installed on the application server and ensure secure communication with the HSM and provide automatic failover and load balancing. A complete HSM as a service solution.


Clients are free to choose the API that best suits their requirements:

REST API
JCE/JCA
  • Best for Java integration
  • Enhanced feature support: multi-authorization, cryptocurrency, key attestation and others

PKCS#11
  • Best for applications that use the PKCS#11 standard interface, e.g. OpenSSL, Apache, NGINX, PKI, KMS and many programming language libraries.
Microsoft CNG
  • Best for Microsoft Windows operating systems
  • Native integration for many applications using Cryptography Next Generation interface (CNG)

Packages

Our CloudHSM is a very flexible HSM as a service offering. You can choose between economic options where HSMs are shared by multiple users, each securely partitioned in their own partition. Even if you operate HSMs yourself, our sandbox service can be a hassle-free alternative for a test and pre-production environment.

If you do not want a shared solution, the Platinum Service is the right choice for you. With Platinum, dedicated HSMs carry only your keys and data. Some of our customers even buy HSMs to attain full custody and then let them run and operate in our CloudHSM service managed by Securosys.

The Securosys CloudHSM service can be further tailored to your needs. Mixed mode operation with on-premise HSM combined with CloudHSM is possible. You may also upgrade from shared service to dedicated HSM. Alternatively, we can also set up a CloudHSM service inside your enterprise or department, simplifying and centralizing HSM service for your internal customers. Please contact us for an offer.

| | ECO (Economy SME) | ECO CC / FIPS (CC certified, ZertES, eIDAS, or FIPS) | SBX (Sandbox) | PLATINUM | PLATINUM (Enterprise) |
|---|---|---|---|---|---|
| Subscription type | Shared HSM subscription | Shared HSM subscription | Shared HSM subscription | Dedicated HSM subscription* | Dedicated HSM subscription* |
| Platform** | 2x1 +1, 3 HSM in 3 data centers | 2x1 +1, 3 HSM in 3 data centers | 2x1, 2 HSM in 2 data centers (in debug mode) | Dedicated HSMs hosted in data centers | Dedicated HSMs hosted in data centers |
| Performance*** | Up to 600 Sig./Min | Up to 600 Sig./Min | Best available (in debug mode) | Up to 1'200 Sig./Min | Up to 12'000 Sig./Min |
| Capacity | 100 MB | 100 MB | 100 MB | 120 MB* | 240 MB* |
| Support availability | 24 x 7 x 365 | 24 x 7 x 365 | 24 x 7 x 365 | 24 x 7 x 365 | 24 x 7 x 365 |
| Response time (critical/major/minor) | 2/8/24h | 2/8/24h | 8/12/24h | 1/4/8h | 1/4/8h |

Management: Operated and managed by Securosys specialists (ISO 27001 compliant)

* More options available: additional partitions, customer owned HSM operation
** High Availability (HA) cluster with synchronized data available in active/active mode
*** Performance measured in #RSA4096/ECC521 signatures per minute


ECO (Economy SMB/SME)

ECO is the package for small and medium-sized enterprises (SMB/SME). It offers exactly the performance you need at an affordable price. A user space (Partition) includes 100MB in a cluster of 2 synchronous HSM. Additionally, the data is mirrored to an HSM in the fortified backup data center. ECO is also suitable as a cost-effective backup for on-premise HSM.

ECO CC (CC Certification)
ECO CC is the package for anyone looking for a specific HSM cluster available in strict FIPS mode and Common Criteria compliant mode according to EN 419 221-5 for eIDAS or ZertES applications. It offers exactly the performance you need at an affordable price. A user space (Partition) includes 100MB in a cluster of 2 synchronous HSM. Additionally, the data is mirrored to an HSM in the fortified backup data center. 
SBX (Sandbox)
The Sandbox system is designed as an integration and test environment. It offers the same user space (Partition) as ES, synchronous on 2 HSM, however without any performance guarantee. SBX CloudHSM works in a debug mode and allows users and Securosys Support to access detailed device logs. The ideal setup to test and prepare any integration with Primus HSM. In addition, any update to the HSM firmware in the CloudHSM system will always be rolled out first to the SBX. This enables users of our ES and ECO packages to verify their applications before a general system update.
PLATINUM
In the PLATINUM service a dedicated HSM is assigned to you in the redundancy level of your preference. PLATINUM is available in two performance classes building on Primus HSM X-series (Enterprise) or E-series (Basic). Each subscription comes with one partition. Additional partitions are available at special rates. On request we also operate your purchased Primus HSM within the CloudHSM environment.

Contact Us

Contact us if you want to know more about our products and offering.