nShield as a Service (nSaaS)
Get subscription-based access to dedicated nShield hardware security modules (HSMs) for cloud-based cryptographic services.
What is nShield as a Service?
nSaaS is a subscription-based solution for generating, accessing, and protecting cryptographic key material, separately from sensitive data, using dedicated FIPS 140-2 Level 3 certified nShield Connect HSMs. The solution delivers the same functionality as on-premises HSMs and the benefits of a cloud service deployment, without the need to host and maintain the appliances.
Ready for migration or a mixed approach
Because nShield as a Service benefits from the same unique Security World architecture as on-prem nShield deployments, you can easily migrate your cryptographic operations from on-prem to the cloud, or use a hybrid approach, mixing both cloud-based and on-prem nShield HSMs for increased redundancy and reliability.
Simplifying Your Cloud Migration
Today's enterprises seek the flexibility of cloud deployments. However, when the HSMs acting as your trust anchors reside in your datacenter, access from your cloud applications becomes complex and expensive. With nSaaS your applications can access your HSMs from anywhere—your datacenter, your cloud deployments, or both—while benefiting from:
- Predictable Budgeting: Convert CapEx to OpEx with monthly performance-based pricing
- Comprehensive Protection: Extend cryptography and key management across multiple clouds
- Optimized Resources: Decrease time spent on maintenance and monitoring tasks
nShield as a Service Benefits
Geo-fencing
Regional data centers facilitate geo-fencing to meet cloud data security and data sovereignty mandates.
Crypto Security + Cloud Strategy
Advance your cloud-centric strategies with FIPS 140-2 Level 3 protection for your business-critical apps and data.
Maintain Full Control of Your Keys
Supports multi-cloud/hybrid deployments with the same consistent toolset. Flexibility to migrate workloads on premises or to another CSP.
Secure Code Execution
The CodeSafe secure execution capability provides on-demand access to your organization's secure, sensitive code protected inside the HSM.
Migrate seamlessly
Looking for a pain-free migration without the hassle? The Entrust Cloud Concierge service delivers a seamless transition from your on-premises nShield HSM estate to nShield as a Service. Our Professional Services team will work with you to plan and execute the smooth migration of your existing keys, clients, and applications.
Security World Architecture
The nShield Security World architecture supports a specialized key management framework that spans the entire nShield family of general-purpose HSMs.
Choose the service and level that’s right for you
Basic, Standard, Premium or Enterprise as Self Managed or Fully Managed to meet your needs.
Tech Specs
Connectivity
- IPsec tunnel with pre-shared keys
- Between customer Cloud IP space(s) and dedicated, managed nShield HSM environment
- Transparent to client hosts
- Takes entire path out of control scope
Certified Hardware Solutions
nShield as a Service is built with nShield Connect HSMs, which help our customers to demonstrate compliance while also giving them the assurance that their HSMs meet stringent industry standards.
nShield Features
nShield as a Service delivers the same features as on-premises nShield HSMs, including CodeSafe, Web Services Option Pack, Container Option Pack and Database Option Pack.
Security Compliance:
- FIPS 140-2 Level 3
- PCI-DSS
Safety and Environmental Standards Compliance:
- UL, CE, FCC, RCM, Canada ICES
- RoHS2, WEEE
Data Center Certifications
Cloud Security Alliance (CSA) Security Trust Assurance and Risk (STAR) - Level 1
Wide Support for APIs, Cryptographic Algorithms and Platforms
Supported APIs
- PKCS#11, OpenSSL, Java (JCE), Microsoft CAPI/CNG and Web Services
Supported Cryptographic Algorithms
- Asymmetric public key algorithms: RSA, Diffie-Hellman, ECMQV, DSA, KCDSA, ECDSA, ECDH, Edwards (X25519, Ed25519ph), Secp256k1
- Symmetric algorithms: AES, AES-GCM, ARIA, Camellia, CAST, RIPEMD160 HMAC, SEED, Triple DES
- Hash/message digest: SHA-1, SHA-2 (224, 256, 384, 512 bit), HAS-160
- Full Suite B implementation with fully licensed ECC including Brainpool and custom curves
nShield HSMs offer support for the majority of these cryptographic algorithms as part of the standard feature set. For organizations wishing to use ECC or South Korean algorithms, optional activation licenses are needed.
Supported Platforms
Microsoft Windows and Linux operating systems including distributions from RedHat, SUSE, and major cloud service providers running as virtual machines or in containers.
Deployment Options
nShield as a Service is available in a range of options to meet the needs of your organization. For price-sensitive customers, a self-managed single HSM instantiation is available in the customer’s preferred location. Standard, Premium and Enterprise customers can specify preferred HSM locations to meet their operational, DR and data sovereignty needs while choosing the optimum performance and price point.
Self-Managed and Fully-Managed Features
Customer has remote access to dedicated nShield Connect hardware hosted in secure data centers
The nShield Remote Administration kit lets you securely connect to and interact with your cloud-based nShield HSM(s)
Maintenance & Support
- Service monitoring
- Pre-tested upgrades/patches applied during annual or emergency maintenance windows
- 24/7 support
Features Exclusive to Fully-Managed Service
- Full Management of installation
- Security Officer role fulfilled by trusted Entrust personnel
- Security World creation
- HSM enrollment
- Signing ceremonies
- Policy and process development
- Under ISO 27001 compliant policies & procedures
- All operational staff BS7858 cleared (non-US data centers only)
- Firmware upgrades, completed with customer consent
Cloud Disaster Recovery
Increase redundancy and reliability of on-premises deployments.
- Subscription-based service
- Adds off-site HSM resources
- Convenient and cost-effective