CryptoServer Cloud

Get an HSM that supports a multi-cloud security strategy

HSM as a Service – hosted by UTIMACO in a secure, certified datacenter
Secure key generation and storage in a FIPS 140-2 Level 3 certified HSM
Works with all major cloud service providers

Key Benefits

No set-up, maintenance, or implementation efforts

Instead of having yet another hardware device to maintain, the CryptoServer Cloud is a solution that combines HSM service, maintenance, and hosting. It also transfers Capex into Opex, providing more flexibility and efficiency, and reducing management overhead.

A secure vault in the cloud

The CryptoServer Cloud is a highly secure, FIPS 140-2 Level 3 certified HSM hosted in a secure, certified datacenter. The service may be administered remotely from any location without deploying any hardware or managing any software.

Fully independent from Cloud Service Provider(s)

CryptoServer Cloud works with all major Cloud Service Providers. The HSM is not bound to a specific vendor – therefore, perfect for multi-cloud environments.

Realize your multi-cloud strategy without compromising on security

The UTIMACO CryptoServer Cloud is the Hardware Security Module as a Service that integrates seamlessly with Cloud Service Providers. It offers the same level of security as with an on-premise HSM without having to worry about setting up the infrastructure.

By choosing the CryptoServer Cloud you receive more than just a Hardware Security Module; you also receive an Infrastructure as a service that protects all of your sensitive assets. UTIMACO takes care of the setup, hosting, and implementation of the HSM in the datacenter – while you maintain full (remote) control. CryptoServer Cloud includes a dedicated HSM for each customer, therefore an HSM is never shared with other customers. This methodology ensures exclusive access and full administrative privileges on the complete HSM while achieving optimum security. This significantly reduces your Capex and personnel costs without any requirement for implementing a dedicated server room, creating a secure environment, or choosing a data center.

Work with the big players but do not become dependent: CryptoServer Cloud integrates with all major Cloud Service Providers. This way, it fits perfectly into your existing cloud applications while still offering multiple migration possibilities. This means that no commitment to any one vendor is required. Instead, you can seamlessly migrate all sensitive data to another CSP– everything remains protected within the hardened environment of the FIPS 140-2 Level 3 certified Hardware Security Module. This is also ideal for all companies with a multi-cloud approach.

Choose the performance you need: CryptoServer Cloud is available in different appliances which vary in the signature creation performance: The CryptoServer Cloud Se500 generates up to 800 keys per second and the CryptoServer Cloud Se1500 can generate up to 1,100 keys per second. (Performance is measured in 2048-bit RSA keys per second).

Not convinced yet? See and test it for yourself: Our free software simulator lets you test if our solution fits to your environment and validate if it serves your requirements.

Highest security as a service

FIPS 140-2 Level 3 certified HSM
Secure key generation, storage, and usage inside a tamper-protected HSM
Secure remote access
Provides high-quality true random number generation to ensure uniqueness of keys

Hosted in a secure, carefully selected datacenter

Hosted in an ISO/IEC 27001, HIPAA, PCI, and GSMA SAS-SM compliant datacenter
Provision of all hardware and software in the datacenter
Maintenance of equipment in the datacenter and replacing failed units
Setup and additional hardware included
Secure server room with dedicated HSM per customer
All relevant security and regulatory certifications
Current regions: Europe & Americas

Flexible and fully auditable

Scalable and adaptable, in line with business requirements
Ability to extend your setup with an additional HSM
You and your auditors can visit the HSM on-site anytime
Helps fulfill compliance and security requirements

Benefit from an extra team of crypto experts

Set-up, implementation, and maintenance of the LAN appliance included
Support directly from the HSM vendor
Monitoring of Utimaco system components
Announcing maintenance windows
Installation of firmware updates (CSLAN network appliance)
Detection of and timely response to incidents involving Utimaco equipment
Providing clear indication of the status and health of your HSMs

Flexible deployment options

Choose between different deployment options
Hosted in your public cloud applications
Application at your company’s site
Datacenter at your colocation
Secure access via routing infrastructure
Your security officer manages the HSM via secure remote access

Supported cryptographic algorithms

RSA, DSA, ECDSA with NIST and Brainpool curves, EdDSA
DH, ECDH with NIST, Brainpool and Montgomery curves
AES, Triple-DES, DES
MAC, CMAC, HMAC
SHA-1, SHA-2, SHA-3, RIPEMD
Hash-based deterministic random number generator (DRG.4 acc. AIS 31)
True random number generator (PTG.2 acc. AIS 31)
Up to 10,000 RSA or 6,000 ECDSA signing operations
Can be upgraded with blockchain-specific algorithms such as BIP32/44 and SLIP-010 on request