Cryptoserver Cloud
Hardware Security Module as a Service

CryptoServer Cloud

Available as: As a service

Get an HSM that supports a multi-cloud security strategy

  • HSM as a Service – hosted by UTIMACO in a secure, certified datacenter
  • Secure key generation and storage in a FIPS 140-2 Level 3 certified HSM
  • Works with all major cloud service providers
Key Benefits

Key Benefits


No set-up, maintenance, or implementation efforts

Instead of having yet another hardware device to maintain, the CryptoServer Cloud is a solution that combines HSM service, maintenance, and hosting. It also transfers Capex into Opex, providing more flexibility and efficiency, and reducing management overhead.


A secure vault in the cloud

The CryptoServer Cloud is a highly secure, FIPS 140-2 Level 3 certified HSM hosted in a secure, certified datacenter. The service may be administered remotely from any location without deploying any hardware or managing any software.


Fully independent from Cloud Service Provider(s)

CryptoServer Cloud works with all major Cloud Service Providers. The HSM is not bound to a specific vendor – therefore, perfect for multi-cloud environments.



Realize your multi-cloud strategy without compromising on security

The UTIMACO CryptoServer Cloud is the Hardware Security Module as a Service that integrates seamlessly with Cloud Service Providers. It offers the same level of security as with an on-premise HSM without having to worry about setting up the infrastructure.

By choosing the CryptoServer Cloud you receive more than just a Hardware Security Module; you also receive an Infrastructure as a service that protects all of your sensitive assets. UTIMACO takes care of the setup, hosting, and implementation of the HSM in the datacenter – while you maintain full (remote) control. CryptoServer Cloud includes a dedicated HSM for each customer, therefore an HSM is never shared with other customers. This methodology ensures exclusive access and full administrative privileges on the complete HSM while achieving optimum security. This significantly reduces your Capex and personnel costs without any requirement for implementing a dedicated server room, creating a secure environment, or choosing a data center.

Work with the big players but do not become dependent: CryptoServer Cloud integrates with all major Cloud Service Providers. This way, it fits perfectly into your existing cloud applications while still offering multiple migration possibilities. This means that no commitment to any one vendor is required. Instead, you can seamlessly migrate all sensitive data to another CSP– everything remains protected within the hardened environment of the FIPS 140-2 Level 3 certified Hardware Security Module. This is also ideal for all companies with a multi-cloud approach.

Choose the performance you need: CryptoServer Cloud is available in different appliances which vary in the signature creation performance: The CryptoServer Cloud Se500 generates up to 800 keys per second and the CryptoServer Cloud Se1500 can generate up to 1,100 keys per second. (Performance is measured in 2048-bit RSA keys per second).

Not convinced yet? See and test it for yourself: Our free software simulator lets you test if our solution fits to your environment and validate if it serves your requirements.

Highest security as a service

  • FIPS 140-2 Level 3 certified HSM
  • Secure key generation, storage, and usage inside a tamper-protected HSM
  • Secure remote access
  • Provides high-quality true random number generation to ensure uniqueness of keys

Hosted in a secure, carefully selected datacenter

  • Hosted in an ISO/IEC 27001, HIPAA, PCI, and GSMA SAS-SM compliant datacenter
  • Provision of all hardware and software in the datacenter
  • Maintenance of equipment in the datacenter and replacing failed units
  • Setup and additional hardware included
  • Secure server room with dedicated HSM per customer
  • All relevant security and regulatory certifications
  • Current regions: Europe & Americas

Flexible and fully auditable

  • Scalable and adaptable, in line with business requirements
  • Ability to extend your setup with an additional HSM
  • You and your auditors can visit the HSM on-site anytime
  • Helps fulfill compliance and security requirements

Benefit from an extra team of crypto experts

  • Set-up, implementation, and maintenance of the LAN appliance included
  • Support directly from the HSM vendor
  • Monitoring of Utimaco system components 
  • Announcing maintenance windows
  • Installation of firmware updates (CSLAN network appliance)
  • Detection of and timely response to incidents involving Utimaco equipment
  • Providing clear indication of the status and health of your HSMs

Flexible deployment options

  • Choose between different deployment options
  • Hosted in your public cloud applications 
  • Application at your company’s site
  • Datacenter at your colocation
  • Secure access via routing infrastructure
  • Your security officer manages the HSM via secure remote access

Supported cryptographic algorithms

  • RSA, DSA, ECDSA with NIST and Brainpool curves, EdDSA
  • DH, ECDH with NIST, Brainpool and Montgomery curves
  • AES, Triple-DES, DES
  • SHA-1, SHA-2, SHA-3, RIPEMD
  • Hash-based deterministic random number generator (DRG.4 acc. AIS 31)
  • True random number generator (PTG.2 acc. AIS 31)
  • Up to 10,000 RSA or 6,000 ECDSA signing operations
  • Can be upgraded with blockchain-specific algorithms such as BIP32/44 and SLIP-010 on request

Supported cryptographic interfaces

  • PKCS #11
  • Java Cryptography Extension (JCE)
  • Microsoft Crypto API (CSP), Cryptography Next Generation (CNG) and SQL
  • Extensible Key Management (SQLEKM)
  • OpenSSL
  • Utimaco‘s comprehensive Cryptographic eXtended services Interface (CXI)

Fulfills various security compliance mandates 

  • FIPS 140-2 Level 3
  • GDPR

Works with all major cloud service providers 

  • Amazon AWS
  • Microsoft Azure
  • Google Cloud
  • And more (depending on your location)

As a service

Our as-a-service options are hosted by UTIMACO in certified datacenters and include everything from set-up to deployment to maintenance. 360

Centrally Manage cryptographic resources including the CryptoServer PCIe card, Atalla AT1000, and CryptoServer LAN V5 HSMs with 360

Find more details

CryptoServer SDK

The Utimaco Software Development Kit (SDK) - the professional development environment for customized solutions

Find more details

CryptoScript SDK

CryptoScript - The Most Efficient Development Kit for HSM Customization

Find more details


Applying Quantum-Resistance to Applications and Use Cases

Find more details

DKE Anchor

Two-tier security for the most sensitive data in Azure.

Find more details

Contact us

We look forward to answering your questions.

How can we help you?

Talk to one of our specialists and find out how Utimaco can support you today.
You have selected two different types of downloads, so you need to submit different forms which you can select via the two tabs.

Your download request(s):

    By submitting below form you will receive links for your selected downloads.

    Your download request(s):

      For this type of documents, your e-mail address needs to be verified. You will receive the links for your selected downloads via e-mail after submitting below form.

      Your collection of download requests is empty. Visit our Downloads section and select from resources such as data sheets, white papers, webinar recordings and much more.