Generate, store, manage and maintain cryptographic keys in a secure environment
Many business areas, including banks, the automotive industry as well as governments are increasingly leveraging a hybrid cloud strategy for the purpose of improving their service offering, cost performance and to increase agility and time-to-market. In a hybrid cloud, companies can blend the best of local data centers and cloud infrastructures, including service mash-ups.
Prerequisite to a hybrid cloud strategy is the customers’ independence of a specific cloud service provider and the uncompromisable protection of data privacy with regard to third parties.
Encryption of sensitive data brings resilience against data breaches as well as compliance with relevant standards and regulations. A bring-your-own-key strategy (BYOK) allows to securely orchestrate services and data flows across multiple clouds and countries, including the customers local data centers.
Combining HSM security with multi-cloud flexibility provides;
- ‘cloud neutral’ provisioning and control of encryption keys
- ideal for businesses that have a global reach with a requirement to offer their services in multiple regions, countries and multiple cloud locations (cloud mashup)
- a built-in Bring-Your-Own-Key (BYOK) process, keeping companies in control of their data and avoiding vendor lock-in with Cloud Service Providers
- an additional level of defence against data breaches and compliance with sovereignty regulations by separation of keys and data
- a centralized point to manage keys across heterogeneous products.
Business value
Cryptographic Key Management
- Industry-grade and HSM-based key management solution
- Provides a simple and intuitive interface for managing and distributing cryptographic keys and keying materials across a broad spectrum of use cases.
- Provides complete control, and visibility of the full enterprise key inventory. Achieve full lifecycle key management from generation through escrow and termination.
- Enables organizations to securely manage and store keys and sensitive data for the entire enterprise in a single centralized location.
- Provides a centralized key management system with seamless integration for any third party device and can be utilised as as the cryptographic key management anchor.
- Provides support for secure key component and cryptogram handling. Any number of secure mailer formats can be utilized for print capabilities and tracking.
Effective audit logging within an industry compliant architecture
- Enables remote audit management & detailed key inventory
- Provides Audit Logs including date & timestamp, a unique audit ID, user IDs, POS terminal details, Key Serial Number – KSI & DID portion only (injection only)
- Communicates Status: Pass or Failure
- Fulfills major industries’ security requirements
Remote Access
- Provides extensive mechanisms for remote administration
- Enables efficient key management and firmware updates via remote access
- Automates remote diagnosis via SNMP (Simple Network Management Protocol
Software Simulator included
Included simulator allows for evaluation and integration testing to benchmark the best possible solution for each specific case
Deployment options
On Premise
- Utimaco’s industry-grade HSM and Key Management Technology installed locally at customer location
- Useful for centralized use cases without a requirement of scalability or remote accessibility and existing legacy infrastructure
- Defined total cost of ownership
- Complete control on hardware and software, including configuration and upgrades
- Secured uptime in areas with insatiable internet connectivity
- Preferred choice in industry-segments where regulation imposes restrictions
In the Cloud
- Utimaco’s HSM and Key-Management-as-a-Service provides a single point of control, regardless of the cloud provider or providers. With complete control of all the keys protecting a multi-cloud environment, this ensures that valuable, sensitive data remains protected.
- Strategic architectural fit & risk management for your high value assets
- Provides flexibility, scalability and availability of HSM-as-a-service
- Ideal for a multi-cloud strategy, supporting multi-cloud deployments & allows for migration flexibility
- Allows you to seamlessly work with any Cloud Service Provider
- Easy-to-use remote management and on-site key ceremony service option
- Full control over data through encryption key life-cycle and key administration
- Secured data privacy through Bring-Your-Own-Key procedures