nShield as a Service

- Solutions
  - Strong Identities
    1. Identity Verification
      Enable high assurance identities that empower citizens.
    2. ID Issuance
      Issue safe, secure digital and physical IDs in high volumes or instantly.
    3. User Identity
      Elevate trust by protecting identities with a broad range of authenticators.
    4. Machine Identity
      Issue and manage strong machine identities to enable secure IoT and digital transformation.
    5. Digital Signature
      Use secure, verifiable signatures and seals for digital documents.
  - Secure Payments
    1. Financial Issuance
      Issue digital and physical financial identities and credentials instantly or at scale.
    2. Digital Card Solution
      Issue digital payment credentials directly to cardholders from your bank's mobile app.
  - Digital Infrastructure
    1. Database Security
      Secure databases with encryption, key management, and strong policy and access control.
    2. Multi-cloud Security
      Secure encryption keys, containers, and data across multi-cloud. environments.
- Industry
- Compliance
  - 1. PSD2
    2. HIPAA
    3. GDPR
  - 1. CMMC
    2. eIDAS
- Cloud Security, Encryption, and Key Management
  - Cloud Security Posture Management
  - Multi-Cloud Encryption
  - Key Management
- Digital Certificates
  - TLS/SSL Certificates
  - Qualified Certificates
  - Sales and Services
  - Verified Mark Certificate (VMC) for BIMI
    Show your official logo on email communications. Download our white paper to learn all you need to know about VMCs and the BIMI standard.
    Learn More
- Digital Signing
  - Digital Signing as a Service
    1. Signing Automation Service
    2. Remote Signing Service
  - Signing Certificates
  - Signing Servers
- Hardware Security Modules (HSM)
  - nShield HSMs
    1. nShield Connect
      Networked appliances that deliver cryptographic key services to distributed applications.
    2. nShield Edge
      Personal, USB-connected desktop HSMs.
    3. nShield Solo
      PCI-Express card-based HSMs.
    4. nShield as a Service
      Subscription-based access to dedicated nShield HSMs.
    5. nShield HSMi
  - nShield Software
  - Management and Monitoring
    1. nShield Monitor
    2. nShield Remote Administration
  - Compliance
    1. FIPS 140-2
    2. GDPR
    3. PSD2
    4. NIST 800-53 Fedramp
    5. Common Criteria
    6. eIDAS
    7. HIPAA
    8. PCI-DSS
    9. Americas
    10. EMEA
    11. APAC
    12. Global
  - Use Cases
  - 1. View All Use Cases
- Identity and Access Management (IAM)
  - Products
    1. Identity as a Service
      Cloud-Based IAM
    2. Identity Enterprise
      On-prem IAM
    3. Identity Essentials
      On-prem MFA solution for Windows users
  - Testimonials
  - Portfolio Capabilities
  - Workforce Identities
  - For Consumers and Citizens
- Public Key Infrastructure (PKI)
  - Products
  - Managed Services
- Central Issuance
  - Financial Cards
  - Government Cards
- Instant Issuance
  - Financial Cards
  - ID Cards
- Passport issuance
  - Passports
  - Try Our Passport Credential Builder
    Learn More
- Partners
  - Become an Entrust Partner
    Our partner programs can help you differentiate your business from the competition, increase revenues, and drive customer loyalty. Consider joining one or more of our Entrust partner programs and strategically position your company and brand in front of as many potential customers as possible.
    Learn More
  - Partner Directory
    Search for partners based on location, offerings, channel or technology alliance partners.
    Search for a Partner
  - Programs
  - Partner Logins
- Support & Services
  - Contact Support
  - TrustedCare
    Product downloads, technical support, marketing development funds.
    Learn More
  - Digital Security Knowledge Base
    Guides, white papers, installation help, FAQs and certificate services tools.
    Learn More
  - Issuance Systems Knowledge Base
    Technotes, product bulletins, user guides, product registration, error codes and more.
    Learn More
  - PKI Professional Services
  - Cryptographic Center of Excellence
    Construct best practices and define strategies that work across your unique IT environment.
    Learn More
  - Custom Cryptographic Solutions
    1. Code Signing
    2. HSM Application Integration
  - Product Deployment Services
  - Packaged Services
  - Training
- Resources
  - Issuance Systems Knowledge Base
    Technotes, product bulletins, user guides, product registration, error codes and more.
    Learn More
  - Digital Security Knowledge Base
    Guides, white papers, installation help, FAQs and certificate services tools.
    Learn More
- About Entrust
  - Securing a World in Motion Since 1969
    We’ve established secure connections across the planet and even into outer space. We’ve enabled reliable debit and credit card purchases with our card printing and issuance technologies. Protected international travel with our border control solutions. Created secure experiences on the internet with our SSL technologies. And safeguarded networks and devices with our suite of authentication products.
    Explore Our History
  - 1. Leadership
    2. Blog
    3. Careers
    4. Events
    5. Webinars
    6. Podcasts
    7. News Articles
    8. Press Releases
  - Cybersecurity Institute
    Get critical insights and education on security concepts from our Trust Matters newsletter, explainer videos, and the Cybersecurity Institute Podcast.
    Learn More
- Shop
  - Entrust Certificate Services Portal
    Existing Entrust Certificate Services customers can login to issue and manage certificates or buy additional services.
    Learn More
  - Entrust Certificate Services Retail
    Shop for new single certificate purchases.
    Learn More
  - Entrust Certificate Services Partner Portal
    Existing partners can provision new customers and manage inventory.
    Learn More
  - Instant Financial Card Issuance Supplies
    1. Registered Customer Login
    2. Request Access
- Search Entrust
  - Search:

Geo-fencing

Regional datacenters facilitate geo-fencing to meet cloud data security and data sovereignty mandates.

Crypto Security + Cloud Strategy

Advance your cloud-centric strategies with FIPS 140-2 Level 3 protection for your business-critical apps and data.

Maintain Full Control of Your Keys

Supports multi-cloud/hybrid deployments with the same consistent toolset. Flexibility to migrate workloads on premises or to another CSP.

Secure Code Execution

The CodeSafe secure execution capability provides on-demand access to your organization's secure, sensitive code protected inside the HSM.

Basic, Standard, Premium or Enterprise as Self Managed or Fully Managed to meet your needs.

Service Options
Service Level

Features

Signatures/sec (2K RSA)

Number of HSM Instances

High-Availability - Multi Geo location

Committed SLA

Number of Application Integrations

Fully Managed Option

BASIC

Signatures/sec (2K RSA)150

Number of HSM Instances1 x HSM

High-Availability - Multi Geo location

Committed SLA99%

Number of Application Integrations3

Fully Managed Option

STANDARD

Signatures/sec (2K RSA)300

Number of HSM Instances2 x HSM

High-Availability - Multi Geo location

Committed SLA99.9%

Number of Application Integrations10

Fully Managed Option

PREMIUM

Signatures/sec (2K RSA)6,000

Number of HSM Instances2 x HSM

High-Availability - Multi Geo location

Committed SLA99.9%

Number of Application Integrations100

Fully Managed Option

ENTERPRISE

Signatures/sec (2K RSA)16,000

Number of HSM Instances2 x HSM

High-Availability - Multi Geo location

Committed SLA99.9%

Number of Application Integrations1,000

Fully Managed Option

Details

Tech Specs

Connectivity

IPsec tunnel w/ pre-shared keys
Between customer Cloud IP space(s) and dedicated, managed nShield HSM environment
Transparent to client hosts
Takes entire path out of control scope

Certified Hardware Solutions

nShield as a Service is built with nShield Connect HSMs, which help our customers to demonstrate compliance while also giving them the assurance that their HSMs meet stringent industry standards.

nShield Features

nShield as a Service delivers the same features as on-premises nShield HSMs, including CodeSafe, Web Services Option Pack, Container Option Pack and Database Option Pack.

Security Compliance:

FIPS 140-2 Level 3

Safety and Environmental Standards Compliance:

UL, CE, FCC, RCM, Canada ICES
RoHS2, WEEE

Data Center Certifications

Cloud Security Alliance (CSA) Security Trust Assurance and Risk (STAR) - Level 1

Wide Support for APIs, Cryptographic Algorithms and Platforms

Supported APIs

PKCS#11, OpenSSL, Java (JCE), Microsoft CAPI/CNG and Web Services

Supported Cryptographic Algorithms

Asymmetric public key algorithms: RSA, Diffie-Hellman, ECMQV, DSA, KCDSA, ECDSA, ECDH, Edwards (X25519, Ed25519ph), Secp256k1,
Symmetric algorithms: AES, AES-GCM, ARIA, Camellia, CAST, RIPEMD160 HMAC, SEED, Triple DES
Hash/message digest: SHA-1, SHA-2 (224, 256, 384, 512 bit), HAS-160
Full Suite B implementation with fully licensed ECC including Brainpool and custom curves

nShield HSMs offers support for the majority of these cryptographic algorithms as part of the standard feature set. For organizations wishing to use ECC or South Korean algorithms, optional activation licenses are needed.

Supported Platforms

Microsoft Windows and Linux operating systems including distributions from RedHat, SUSE, and major cloud service providers running as virtual machines or in containers.

Deployment Options

nShield as a Service is available in a range of options to meet the needs of your organization. For price sensitive customers a self-managed single HSM instantiation is available in the customer’s preferred location. Standard, Premium and Enterprise customers can specify preferred HSM locations to meet their operational, DR and data sovereignty needs while choosing the optimum performance and price point.

Self-Managed and Fully-Managed Features

Customer has remote access to dedicated nShield Connect hardware hosted in secure data centers

The nShield Remote Administration kit lets you securely connect to and interact with your cloud-based nShield HSM(s)

Maintenance & Support

Service monitoring
Pre-tested upgrades/patches applied during annual or emergency maintenance windows
24/7 support

Features Exclusive to Fully-Managed Service

Full Management of installation

Security Officer role fulfilled by trusted Entrust personnel

Security World creation
HSM enrollment
Signing ceremonies

Policy and process development

Under ISO 27001 compliant policies & procedures

All operational staff BS7858 cleared (non-US data centers only)

Firmware upgrades, completed with customer consent

Cloud Disaster Recovery

Increase redundancy and reliability of on-premises deployments.

Subscription-based service
Adds off-site HSM resources
Convenient and cost-effective

Related Resources

nShield as a Service Data Sheet

nShield Connect Data Sheet

Entrust nShield HSM FIPS 140-2 and Common Criteria Security Certifications

Security World Architecture White Paper

Square

We have a long history together and we’re extremely comfortable continuing to rely on Entrust solutions for the core of our business. We have used Entrust HSMs for five years and they have always been exceptionally reliable. We’ve layered a lot of code on top of the HSM; it delivers the performance we need and has proven to be a rock-solid foundation.

Neal Harris, Security Engineering Manager, Square, Inc

VIEW CASE STUDY

Verifone

As a global payment solutions and commerce enablement leader, Verifone’s strategy is to develop and deploy “best in class” payment solutions and services that meet or exceed global security standards and help our clients securely accept electronic payments across all channels of commerce. We selected Entrust HSMs to provide robust security, unmatched performance, and superior scalability across our payment security platforms…

Joe Majka, Chief Security Officer, Verifone

VIEW CASE STUDY

Memjet

The Entrust nShield sales team provided excellent local and remote support during this evaluation period and was invaluable to the process. The excellent depth, breadth, and quality of the product documentation gave us confidence that the solution was well though-out and supported.

Robert Fairlie-Cuninghame, QAI Technical Lead/Architect, Memjet

VIEW CASE STUDY

Polycom

Entrust provided the expertise needed to design and implement a tailored, secure VoIP solution.

Marek Dutkiewicz, Polycom

VIEW CASE STUDY

Case Study

nShield as a Service and Fortune 500 Chemical Manufacturer

Download

Video

nShield as a Service

Watch Now

Data Sheet

CodeSafe Developer Toolkit

Download Now

White Paper

Security World Architecture

Learn More

nSHIELD AS A SERVICE

nShield as a Service Benefits