Get an HSM that supports a multi-cloud security strategy

- HSM as a Service – hosted by UTIMACO in a secure, certified datacenter
- Secure key generation and storage in a FIPS 140-2 Level 3 certified HSM
- Works with all major cloud service providers
Key Benefits
Details
Realize your multi-cloud strategy without compromising on security
The UTIMACO CryptoServer Cloud is the Hardware Security Module as a Service that integrates seamlessly with Cloud Service Providers. It offers the same level of security as with an on-premise HSM without having to worry about setting up the infrastructure.
By choosing the CryptoServer Cloud you receive more than just a Hardware Security Module; you also receive an Infrastructure as a service that protects all of your sensitive assets. UTIMACO takes care of the setup, hosting, and implementation of the HSM in the datacenter – while you maintain full (remote) control. CryptoServer Cloud includes a dedicated HSM for each customer, therefore an HSM is never shared with other customers. This methodology ensures exclusive access and full administrative privileges on the complete HSM while achieving optimum security. This significantly reduces your Capex and personnel costs without any requirement for implementing a dedicated server room, creating a secure environment, or choosing a data center.
Work with the big players but do not become dependent: CryptoServer Cloud integrates with all major Cloud Service Providers. This way, it fits perfectly into your existing cloud applications while still offering multiple migration possibilities. This means that no commitment to any one vendor is required. Instead, you can seamlessly migrate all sensitive data to another CSP– everything remains protected within the hardened environment of the FIPS 140-2 Level 3 certified Hardware Security Module. This is also ideal for all companies with a multi-cloud approach.
Choose the performance you need: CryptoServer Cloud is available in different appliances which vary in the signature creation performance: The CryptoServer Cloud Se500 generates up to 800 keys per second and the CryptoServer Cloud Se1500 can generate up to 1,100 keys per second. (Performance is measured in 2048-bit RSA keys per second).
Not convinced yet? See and test it for yourself: Our free software simulator lets you test if our solution fits to your environment and validate if it serves your requirements.
Highest security as a service
- FIPS 140-2 Level 3 certified HSM
- Secure key generation, storage, and usage inside a tamper-protected HSM
- Secure remote access
- Provides high-quality true random number generation to ensure uniqueness of keys
Hosted in a secure, carefully selected datacenter
- Hosted in an ISO/IEC 27001, HIPAA, PCI, and GSMA SAS-SM compliant datacenter
- Provision of all hardware and software in the datacenter
- Maintenance of equipment in the datacenter and replacing failed units
- Setup and additional hardware included
- Secure server room with dedicated HSM per customer
- All relevant security and regulatory certifications
- Current regions: Europe & Americas
Flexible and fully auditable
- Scalable and adaptable, in line with business requirements
- Ability to extend your setup with an additional HSM
- You and your auditors can visit the HSM on-site anytime
- Helps fulfill compliance and security requirements
Benefit from an extra team of crypto experts
- Set-up, implementation, and maintenance of the LAN appliance included
- Support directly from the HSM vendor
- Monitoring of Utimaco system components
- Announcing maintenance windows
- Installation of firmware updates (CSLAN network appliance)
- Detection of and timely response to incidents involving Utimaco equipment
- Providing clear indication of the status and health of your HSMs
Flexible deployment options
- Choose between different deployment options
- Hosted in your public cloud applications
- Application at your company’s site
- Datacenter at your colocation
- Secure access via routing infrastructure
- Your security officer manages the HSM via secure remote access
Supported cryptographic algorithms
- RSA, DSA, ECDSA with NIST and Brainpool curves, EdDSA
- DH, ECDH with NIST, Brainpool and Montgomery curves
- AES, Triple-DES, DES
- MAC, CMAC, HMAC
- SHA-1, SHA-2, SHA-3, RIPEMD
- Hash-based deterministic random number generator (DRG.4 acc. AIS 31)
- True random number generator (PTG.2 acc. AIS 31)
- Up to 10,000 RSA or 6,000 ECDSA signing operations
- Can be upgraded with blockchain-specific algorithms such as BIP32/44 and SLIP-010 on request
Supported cryptographic interfaces
- PKCS #11
- Java Cryptography Extension (JCE)
- Microsoft Crypto API (CSP), Cryptography Next Generation (CNG) and SQL
- Extensible Key Management (SQLEKM)
- OpenSSL
- Utimaco‘s comprehensive Cryptographic eXtended services Interface (CXI)
Fulfills various security compliance mandates
- FIPS 140-2 Level 3
- GDPR
- HIPAA
- ETSI C-ITS
- GSMA SAS-SM
Works with all major cloud service providers
- Amazon AWS
- Microsoft Azure
- Google Cloud
- And more (depending on your location)
u.trust 360
Centrally Manage cryptographic resources including the CryptoServer PCIe card, Atalla AT1000, and CryptoServer LAN V5 HSMs with u.trust 360
CryptoServer SDK
The Utimaco Software Development Kit (SDK) - the professional development environment for customized solutions
CryptoScript SDK
CryptoScript - The Most Efficient Development Kit for HSM Customization
Q-safe
Applying Quantum-Resistance to Applications and Use Cases
DKE Anchor
Two-tier security for the most sensitive data in Azure.