Utimaco’s Indian Trust as a Service -Data Centers Welcome First Customer

Shortly after opening two data centers in India in late 2025 , Utimaco welcomed its first customer adopting its HSM-as-a-Service solution, drawn by the strong value proposition of cloud-hosted cybersecurity.

Cybersecurity as a Service  can be a true business enabler, offering flexibility, scalability, and a faster path to compliance. As global businesses face increasing pressure from regulatory and technological requirements, Indian companies are no exception. They must navigate multiple market forces while building scalable, modern IT infrastructure to support future growth. 

In this blog, we are going to  present the use case of Upswing Financial Technologies, a fast-growing Indian fintech company that adopted Utimaco’s cybersecurity solutions hosted in their ow n Indian data centers. We will  also discuss the broader market context and the key factors placing cybersecurity high on the agenda for Indian companies.

Utimaco’s Growing Presence in India

Utimaco is not new to the Indian market; it has been operating in India since 2011, serving customers across banking, financial services, technology, and the public sector.

In late 2025, Utimaco expanded its footprint with new data centers in Delhi and Mumbai. These facilities support its Trust-as-a-Service  portfolio, including General Purpose aaS and Payment HSM aaS  .

Find out more about Utimaco’s Indian data centers here

The new infrastructure brings Utimaco’s services closer to customers and addresses the growing demand for locally hosted, compliant security solutions. It is designed to meet pressing cybersecurity and compliance needs in the Indian market while enabling secure, scalable, cloud-based cybersecurity services hosted locally.

Market Trends Driving Cybersecurity Adoption in India

Businesses worldwide face significant regulatory requirements and must ensure compliance with national, international, and industry-specific standards.

Find out more about how Cybersecurity as a Service enables growth and trust in this ebook.

In India, three key market forces  are driving this landscape, shaping how organizations approach cybersecurity, accelerate cloud adoption, and prioritize investments in secure, scalable, and compliant infrastructure.

• Digital Personal Data Protection Act (DPDP Act)
  India’s DPDP Act (2023) requires organizations to handle personal data in a lawful, transparent, and secure manner, driving stronger encryption, key management, and audit capabilities.
• Data Sovereignty
  Data sovereignty is a growing priority, with organizations seeking greater control over cloud data. This has increased adoption of models such as BYOK and HYOK to ensure independence and continuity.
• Aadhaar Data Vault
  The Aadhaar Data Vault (ADV), mandated by UIDAI, requires secure, encrypted storage of Aadhaar data. Compliance demands strict encryption and key management, making hardware security modules essential.

At a macro level, similarly to their global peers, Indian companies are adopting cloud-hosted cybersecurity solutions to strengthen data protection and implement data sovereignty measures without the need to invest in own hardware and infrastructure. 

At the micro level, companies such as Upswing are seeking to strengthen their operations by adopting scalable, efficient cybersecurity solutions that will add value to their businesses. 

The First Indian Customer Cuts Costs with Utimaco’s Solutions

Upswing is a fintech company operating in card processing, with offices in Bengaluru and Mumbai. It provides an API  platform for secure and scalable payment processing.

The company’s goal was to find a reliable partner that could deliver secure, flexible HSM services and enable rapid deployment. These requirements aligned well with Utimaco’s HSM-as-a-Service  model, which does not require Upswing to own or operate the hardware infrastructure. The physical Payment HSMs hosted in Utimaco’s certified data centers building the base for the as-a-Service offering  can be accessed via a hosted cloud service, helping to reduce costs while ensuring a secure solution that enhances and protects payment use cases.

For lean and fast-growing businesses such as Upswing, operating HSM infrastructure can be an overwhelming task. Upswing wanted to avoid the cost and complexity of managing HSM infrastructure in-house. With a cloud-hosted Payment HSM-as-a-Service , the entire service is fully managed by Utimaco. Therefore, the company can save time and costs on maintenance, infrastructure updates, and hiring specialized personnel.

Cloud-hosted cybersecurity offers a distinct value proposition. Companies are not required to invest heavily in infrastructure; instead, they can simply plug in and use the service. It is also one of the fastest ways to achieve compliance with regulatory standards, including global frameworks such as PCI DSS. In addition, it provides scalability allowing organizations to scale service as they grow.

The Role of Local Data Centers

The Upswing team had several technical considerations for data centers, with a focus on security, reliability, expertise, and cost-effectiveness. After evaluating multiple providers, Utimaco’s strong track record in HSM-as-a-Service  made it the clear choice.
Since deployment, Upswing’s team had several observations regarding the service: 

• HSM-related issues have been minimal,
• consistently high availability,
• strong support responsiveness. 

With Utimaco managing this critical component, they are able to focus more on growing their core business.

“Our partnership with Utimaco as an HSM provider has been instrumental to our card processing operations. Their technical depth and consistently responsive support team make them a dependable partner we can trust” - Pradeep E, Product Manager at Upswing   

Utimaco’s Indian infrastructure, consisting of two data centers, forms the foundation for its HSM-as-a-Service offering, including General Purpose and Payment HSM services. The facilities are designed for high availability and maximum uptime, supported by fully redundant power, cooling, and network systems which are critical for payment processing workloads.

The new data centers in Delhi and Mumbai have already achieved PCI PIN certification, with PCI DSS certification in progress, reinforcing compliance with industry-leading security standards such as ISO 27001.

Strong physical security further underpins the service, with 24/7 on-site personnel, biometric access controls, continuous surveillance, and secure perimeter protection safeguarding critical hardware against unauthorized access and tampering.

Supporting Secure Growth in India

Utimaco’s Trust as a Service portfolio enables companies to generate and manage cryptographic keys, protect sensitive data, and secure payment operations. These capabilities help businesses meet requirements related to data sovereignty, the DPDP Act, and frameworks like Aadhaar Data Vault.

As regulatory and operational pressures increase, locally hosted, managed security services are becoming a practical choice for companies that need both control and flexibility.

Utimaco’s Trust as a Service Portfolio

Utimaco’s Trust as a Service portfolio exemplifies the potential of Cybersecurity as a Service offerings, with a range of services designed to meet diverse security requirements.

• The General Purpose HSM as a Service, offers secure key generation, storage, and management for a wide range of use cases.
• Payment HSM as a Service provides a managed alternative to self-owned systems, reducing the burden on businesses while enabling them to fulfill the strict requirements of the financial and payment industry.
• File and Folder Encryption as a Service ensures data protection across various storage locations.
• Enterprise Key Manager as a Service offers reliable cryptographic key management.
• eInvoice Signature as a Service enables businesses to generate, validate, and archive Qualified Electronic Signatures, ensuring compliance with eIDAS standards.
• Timestamp as a Service is eIDAS compliant generation, validation and archiving of timestamps that ensure document integrity.
• POS Key Generation as a Service is a PCI PIN compliant security of POS payment use cases.
   

About the Author

Peter Czempas

Product Marketing Manager, Utimaco