Skip to main content

Secure your cryptographic operations and keys with a cloud-based service

Many enterprises today seek the benefits of migrating their applications and data to the cloud to take advantage of more predictable OpEx models and more flexible deployments. But some products, including hardware security modules (HSMs), have traditionally been harder to move because they are trust anchors, protecting the data in a physical security element and making them less portable to the cloud…until now.

Entrust’s nShield® as a Service takes HSMs to the cloud, offering a subscription-based solution that gives you access to the same FIPS and Common Criteria-certified nShield HSMs that are trusted by organizations worldwide.

Watch our video about subscription-based HSMs.

  • Click to select...


Reducing and Managing Costs

Organizations migrating to the cloud seek to compete based on scale, flexibility, and resilience while reducing maintenance costs and making them more predictable.

Agile Scaling

Because traditional HSMs are physical appliances in data centers, cloud-oriented businesses that rely on HSMs can find them constraining when scaling.

Independence from Cloud Providers

Security solutions from cloud service providers (CSPs) run the risk of data access by CSP administrators. So, there has been a growing need for HSM services that can be provisioned and integrated with cloud principles while not belonging to a specific cloud vendor.

Maintaining HSMs

Finding skilled security professionals to administer HSMs is a challenge.


nShield as a Service

nShield as a Service is ideal for cloud-first strategies, selective cloud migration, or supplementing existing HSM capacity to handle workload spikes. It enables users to:

  • Extend cloud-based cryptography and key management across multiple clouds
  • Align crypto-security requirements with organizational cloud strategy
  • Simplify budgeting for business-critical security
  • Decrease time spent on maintenance and monitoring
  • Deploy secured applications faster nShield as a Service is available as either a self-managed or fully-managed service.

nShield as a Service is available as either a self-managed or fully-managed service.


Predictable Budgeting

Accessing Entrust nShield HSMs on a subscription basis means you can expedite the protection your critical keys in a hardened security boundary instead of struggling through a lengthy procurement process.

Protection for Multiple Cloud Environments

nShield as a Service can be used with multiple cloud service providers, in contrast to HSM services offered by individual providers, who strive to lock customers into their cloud environments.

Flexibility Across Your HSM Estate

nShield as a Service gives organizations the option to either supplement or replace HSMs in their data centers while retaining the same benefits as owning the appliances. nShield as a Service allows enterprises to budget for security more predictably, manage capacity based on demand, reduce their data center footprints, and decrease the time spent on routine maintenance and monitoring tasks.

Easy to Use and Scale

Maintaining HSMs as security professionals are pulled in multiple directions, finding time to maintain HSMs is increasingly difficult.

Secure Code Execution for Cloud-based Workloads

The unique CodeSafe secure execution capability gives customers on-demand access to secure computing capacity.

Support for Hybrid Models

Because nShield as a Service benefits from the same unique nShield Security World architecture as on-premises nShield deployments, customers can use a hybrid approach, mixing both nShield as a Service and on-premises HSMs.


Data Sheet: nShield as a Service

nShield as a Service is a subscription-based solution for generating, accessing and protecting cryptographic key material, separately from sensitive data, using dedicated FIPS 140-2-certified nShield Connect HSMs.

Data Sheet: nShield Connect

Entrust nShield Connect HSMs are certified, networked appliances that deliver cryptographic key services to applications distributed across servers and virtual

White Paper: The Entrust nShield Security World Architecture

The Entrust nShield Security World architecture supports a specialized key management framework that spans the entire nShield family of general purpose hardware security modules (HSMs). Whether deploying high performance, shareable, network-attached HSM appliances, host-embedded HSM cards or USB-attached portable HSMs, the Security World architecture provides a unified administrator and user experience and guaranteed interoperability whether the customer deploys one or hundreds of devices.

Data Sheet: CodeSafe

CodeSafe is a set of software tools that enables you to run applications in a secure execution environment inside nShield HSMs.

    Related Products