Skip to main content
purple hex pattern

Access high assurance hardware security modules through a cloud friendly interface

Web services have proliferated since the birth of the Internet, with web servers, client servers and associated infrastructure communicating using the universal, simple language Hyper-Text Transfer Protocol (HTTP). Companies may want to leverage their web services infrastructure and applications while incorporating cryptographic controls to protect sensitive data and systems and the underlying cryptographic keys. The use of hardware security modules (HSMs) to safeguard keys in a web services environment is not only a recognized best practice but is often required by compliance mandates.

Challenges

  • Adding the functionality that enables applications to access HSM-based cryptographic services requires skilled, often maxed out, cryptographic expertise
  • Typically, integrating applications with HSMs requires binding to local host libraries, which adds to deployment complexity
  • Traditional web application interfaces with HSMs require dependence on client application infrastructure and OS-specific software local to the application

Solutions

The Entrust nShield Web Services Option Pack creates an easily accessible, streamlined interface between applications requiring cryptographic key and data protection services and highly secure Entrust nShield HSMs. Entrust nShield HSMs perform a variety of cryptographic functions including key generation, encryption, decryption, signing and verifying. The nShield Web Services Option Pack makes these core functions available to applications through a simple web-service interface whilst supporting the segregation of key usage.

Benefits

  • Efficient access to remote cryptographic services from cloud, data center, or on-premises applications
  • Streamlined development of applications that access nShield HSM crypto services
  • Simple deployment that eliminates the need for client-side integration
  • Flexible OS and architecture support

Related Products

HSM

nShield as a Service


nShield as a Service is a subscription-based solution for generating, accessing, and protecting cryptographic key material.