Skip to main content
purple hex pattern
server behind blurred blue glass

HSM Services On-Demand, Not On-Premises

With nShield as a service you can reduce the complexity and cost without sacrificing data security standards or control of your keys. nShield as a Service provides global access to cloud-based nShield HSMs for the same cryptographic services you’d expect from on-prem HSMs, without the physical footprint or maintenance costs: 

  • Keep cryptographic keys secure in dedicated tamper-resistant, FIPS 140-2 Level 3 certified HSMs 
  • Securely generate, use, and manage cryptographic keys for encryption, decryption, and digital signing 
  • Maintain strict security controls and customer-defined polices across your environments 
  • Execute code securely for cloud-based workloads

Cloud-Based HSMs Make Security and Compliance Easier

nShield as a Service puts the best practices in High Assurance data security in reach, with access to dedicated FIPS 140-2 Level 3 and eIDAS (EN 419 221-5) certified nShield Connect HSMs in the cloud, to help your organization comply with regulatory obligations and standards, including: Common Criteria GDPR HIPAA PCI-DSS

lit up hallway in server room
three seated people in glassed office with blurred person walking by

A Predictable, Scalable Price

Entrust offers nShield as a Service on a subscription basis with different performance tiers and price points, ensuring scalable performance and costs. 

The subscription-based approach makes it easier to forecast and justify your expenses for finance and procurement departments that favor the predictability of OpEx over CapEx. You also don’t have to worry about surprise costs, including the costs of hiring the highly skilled staff needed to maintain on-prem HSMs. Furthermore, within each performance tier the service can support multiple use cases and any number of keys, without incurring more cost.

Ready to Integrate with Your Environments, Algorithms, or Use Cases

Since every organization’s cloud strategy is unique, nShield as a Service offers flexibility and complete control over your keys in any environment – single cloud, multi-cloud, or hybrid. 

Your keys protected by nShield, both on-premises and via the service, are interoperable and free to be used securely across major cloud providers, including AWS, Google Cloud, and Azure. 

You don’t have to own your HSMs or cloud environments to own your keys.

man with beard looking at server
blurred lights on highway

Prepare for Post-Quantum Cryptography with nShield as a Service

You can start using NIST’s quantum-resistant algorithms with nShield as a Service by adding the optional Entrust nShield Post-Quantum Software Development Kit (SDK).

Infographic: On-Prem HSMs vs. Cloud HSMs

Compare the strengths and differences of using nShield HSMs on-premises with cloud-based nShield HSMs and learn how you can use nShield Security World to integrate your on-prem and cloud-based nShield HSMs for a hybrid approach.

Frequently Asked Questions

What is a Cloud HSM?

Hardware security modules are hardened, tamper-resistant devices that secure cryptographic processes by generating, protecting, and managing keys for encrypting and decrypting data, or creating digital signatures and certificates.

A cloud hardware security module, or cloud HSM, is a cryptographic device hosted in the cloud that provides the same functionality as an on-premises HSM. It offers secure key management, encryption, and digital signing services without the need for physical hardware. Cloud HSMs allow you to:

  • Align crypto security requirements with organizational cloud strategy
  • Support finance and procurement preferences to shift from a CapEx to an OpEx model
  • Simplify budgeting for business-critical security
  • Allow high-skilled security personnel to focus on other tasks
  • Meet high-assurance security, data protection, and compliance mandates

How Does a Cloud HSM Work?

Cloud-based nShield HSMs put the best practices of high-assurance data protection in reach to help you comply with regulatory obligations and standards. With nSaaS, you can choose from two deployment options:

  • Self-Managed: You retain full control of each HSM device, managing them through a remote administration server.
  • Fully Managed: You delegate management and maintenance to our trusted team while still accessing key management and cryptographic services via cloud computing.

What is nShield as a Service (nSaaS)?

nShield as a Service is a cloud-based HSM solution. It offers the same robust security and functionality as on-premises nShield HSMs but with the added flexibility and convenience of being hosted in the cloud. This service enables organizations to perform critical cryptographic tasks, such as key management, encryption, and digital signing, without the need to manage and maintain physical HSM hardware.

How Can I Use a Cloud HSM?

Organizations can leverage Entrust nShield HSMs and their cryptographic services for a wide array of applications, including:

  • Public key infrastructure
  • Key management
  • Privileged access management
  • Containerization and cloud security
  • Database security
  • Code signing
  • Identity and user authentication
  • Payment security
Download eBook

Complete the form to download our guide to delivering cryptography with subscription-based access to dedicated nShield Hardware Security Modules.