Web-services-based deployments
Access high assurance hardware security modules through a cloud friendly interface
Web services have proliferated since the birth of the Internet, with web servers, client servers and associated infrastructure communicating using the universal, simple language Hyper-Text Transfer Protocol (HTTP). Companies may want to leverage their web services infrastructure and applications while incorporating cryptographic controls to protect sensitive data and systems and the underlying cryptographic keys. The use of hardware security modules (HSMs) to safeguard keys in a web services environment is not only a recognized best practice but is often required by compliance mandates.
Challenges
- Adding the functionality that enables applications to access HSM-based cryptographic services requires skilled, often maxed out, cryptographic expertise
- Typically, integrating applications with HSMs requires binding to local host libraries, which adds to deployment complexity
- Traditional web application interfaces with HSMs require dependence on client application infrastructure and OS-specific software local to the application
솔루션
The Entrust nShield Web Services Option Pack creates an easily accessible, streamlined interface between applications requiring cryptographic key and data protection services and highly secure Entrust nShield HSMs. Entrust nShield HSMs perform a variety of cryptographic functions including key generation, encryption, decryption, signing and verifying. The nShield Web Services Option Pack makes these core functions available to applications through a simple web-service interface whilst supporting the segregation of key usage.
이점
- Efficient access to remote cryptographic services from cloud, data center, or on-premises applications
- Streamlined development of applications that access nShield HSM crypto services
- Simple deployment that eliminates the need for client-side integration
- Flexible OS and architecture support
리소스
The Entrust nShield Web Services Option Pack creates an easily accessible, streamlined interface between applications requiring cryptographic key and data protection services and highly secure nShield HSMs. Entrust nShield HSMs perform a variety of cryptographic functions including encryption, decryption, signing and verifying, and now these core functions are available to applications through a simple web-service interface.
nShield as a Service is a subscription-based solution for generating, accessing and protecting cryptographic key material, using dedicated FIPS 140-2 Level 3 certified Entrust nShield Connect HSMs.
nShield Container Option Pack makes it easy to build HSM support into containerized deployments and provides a template deployment model that allows you to focus on the containerized application without having to worry about the HSM integration.
관련 제품
- HSM
- 소프트웨어
nShield as a Service
FIPS 140-2 인증을 받은 전용 nShield Connect HSM이 포함된 암호화 키에 대한 구독 기반 서비스입니다.
nShield Web Services Option Pack
REST 유사 API를 통해 웹 서비스를 호출하여 nShield 서비스에 액세스합니다.
nShield 컨테이너 옵션 팩
검증된 템플릿 배포 모델을 사용하여 컨테이너식 배포에 HSM 지원을 구축합니다.