When considering the intersection of roots of trust and the accessibility of services provided by cloud architecture, reliable options quickly become scarce. That is why we at Fornetix are excited to see Entrust launch its “nShield as a Service” offering. With the combination of Internet of Things (IoT) based technologies and the embracing of “as a Service” cloud capabilities, there is a growing need for HSM services that can be provisioned and integrated with cloud principles while not belonging to a specific cloud vendor. At Fornetix, we build our technology to play to the middle, enabling public, private, and hybrid cloud solutions. We are excited to see Entrust’s nShield as a Service solution parallel our own. We believe the joint approach will help customers embrace effective use of cryptography no matter how they use technology, whether it be cloud first/cloud native, hybrid cloud, or private cloud.

For organizations adopting a cloud native/cloud first strategy, our combined solution allows for leveraging a consistent root of trust for cryptographic services within multiple cloud services simultaneously. This allows a customer to pick the best options from Google, Amazon, and Azure while at the same time having a cross-cloud solution for orchestration, which in turn has a cloud vendor agnostic root of trust. The end result of this use case is that customers can pick and choose services – like Amazon Greenfield with Azure Micron IoT Services with scalable Key Orchestration integrated with Entrust’s nShield as a Service, providing cloud-independent key wrapping and root of trust. This allows customers, such as an IoT service provider using a purely cloud solution, to use the best services from each cloud provider to implement the best IoT solution that the customer requires.

For customers with hybrid cloud and private cloud solutions, we see immense value in building elastic roots of trust based on extending existing Entrust infrastructure within the nShield as a Service solution. Consider the community of highly-regulated industries, such as telecommunications and finance, that are reversing their initial investments in cloud towards adoption of cloud principles and focused cloud technologies. The integration of nShield as a Service with Key Orchestration is tailor-made for those customers. The nShield as a Service solution allows for an elastic root of trust that can integrate with Key Orchestration deployed in a similar manner. This allows for a rapidly expandable solution which extends the initial investments in hardware and virtual infrastructure into an nShield as a Service anchored solution, integrated with existing Entrust physical HSMs for elastic cryptography services.

With this new capability option, the Fornetix team is looking forward to helping customers make the most of trust and cryptography, no matter the project or how they intend to leverage cryptography. With our customers, we see this as a critical capability, especially in parts of the world where adoption of our joint solution helps provide a foundation of trust no matter which cloud service the customer uses.

As organizations continue to adopt multiple cloud capabilities across service providers, the nShield as a Service solution aligns with this trend in service-based architecture as well as how we deploy Key Orchestration technology as a service for customers. Customers now have a dynamic solution for roots of trust across clouds and datacenters. Fornetix is excited to partner with Entrust to provide our joint solution for customers no matter how they adopt cloud technology.

About Chuck White

Chuck is a technologist, inventor, entrepreneur, father, and husband. He has extensive knowledge in cyber defense, collaboration solutions, big data analytics, and security software development. He is a former U.S. Army officer, combat veteran, father of a four-year-old girl who loves Supergirl, and a recognized thought leader in the security software community. Chuck is a member of the OASIS KMIP and OpenC2 technical committees and is a co-editor for version 2.0 of the KMIP specification.