Web-services-based deployments
Access high assurance hardware security modules through a cloud friendly interface
Web services have proliferated since the birth of the Internet, with web servers, client servers and associated infrastructure communicating over the simple, universal Hypertext Transfer Protocol (HTTP). Companies may want to leverage their web services infrastructure and applications while incorporating cryptographic controls to protect sensitive data and systems and the underlying cryptographic keys. The use of hardware security modules (HSMs) to safeguard keys in a web services environment is not only a recognized best practice but is often required by compliance mandates.
Challenges
- Adding the functionality that enables applications to access HSM-based cryptographic services requires skilled cryptographic expertise, which is often already maxed out
- Typically, integrating applications with HSMs requires binding to local host libraries, which adds to deployment complexity
- Traditional web application interfaces with HSMs depend on client application infrastructure and OS-specific software local to the application
Solutions
The Entrust nShield Web Services Option Pack creates an easily accessible, streamlined interface between applications requiring cryptographic key and data protection services and highly secure Entrust nShield HSMs. Entrust nShield HSMs perform a variety of cryptographic functions including key generation, encryption, decryption, signing and verifying. The nShield Web Services Option Pack makes these core functions available to applications through a simple web-service interface whilst supporting the segregation of key usage.
Benefits
- Efficient access to remote cryptographic services from cloud, data center, or on-premises applications
- Streamlined development of applications that access nShield HSM crypto services
- Simple deployment that eliminates the need for client-side integration
- Flexible OS and architecture support
Resources
Entrust nShield Web Services Option Pack
The Entrust nShield Web Services Option Pack creates an easily accessible, streamlined interface between applications requiring cryptographic key and data protection services and highly secure nShield HSMs. Entrust nShield HSMs perform a variety of cryptographic functions including encryption, decryption, signing and verifying, and now these core functions are available to applications through a simple web-service interface.
nShield as a Service
nShield as a Service is a subscription-based solution for generating, accessing and protecting cryptographic key material, using dedicated FIPS 140-2 Level 3 certified Entrust nShield Connect HSMs.
Entrust nShield Container Option Pack
nShield Container Option Pack makes it easy to build HSM support into containerized deployments and provides a template deployment model that allows you to focus on the containerized application without having to worry about the HSM integration.