nShield as a Service (nSaaS)
Get subscription-based access to dedicated nShield hardware security modules (HSMs) for cloud-based cryptographic services.
What is nShield as a Service?
nSaaS is a subscription-based solution for generating, accessing, and protecting cryptographic key material, separately from sensitive data, using dedicated FIPS 140-2 Level 3 certified nShield Connect HSMs. The solution delivers the same functionality as on-premises HSMs and the benefits of a cloud service deployment, without the need to host and maintain the appliances.
Migration-Ready or Hybrid Use
Because nShield as a Service benefits from the same unique Security World architecture as on-prem nShield deployments, you can easily migrate your cryptographic operations from on-prem to the cloud, or use a hybrid approach, mixing both cloud-based and on-prem nShield HSMs for increased redundancy and reliability.
Simplifying Your Cloud Migration
Today's enterprises seek the flexibility of cloud deployments. However, when the HSMs acting as your trust anchors reside in your datacenter, access from your cloud applications becomes complex and expensive. With nSaaS your applications can access your HSMs from anywhere—your datacenter, your cloud deployments, or both—while benefiting from:
- Predictable Budgeting
- Convert CapEx to OpEx with monthly performance-based pricing
- Comprehensive Protection
- Extend cryptography and key management across multiple clouds
- Optimized Resources
- Decrease time spent on maintenance and monitoring tasks
Benefits of nShield as a Service
Geo-fencing
Regional data centers facilitate geo-fencing to meet cloud data security and data sovereignty mandates.
Crypto Security + Cloud Strategy
Protect your business-critical applications and data with FIPS 140-2 Level 3 certification, and keep your cloud-centric strategy moving forward.
Maintain Full Control of Your Keys
Supports multi-cloud/hybrid deployments with the same consistent toolset. Flexibility to migrate workloads on premises or to another CSP.
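Secure Code Execution
The CodeSafe secure execution capability gives you on-demand access to your organization's secure, sensitive code protected within the HSM.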
Migrate seamlessly
Looking for a pain-free migration without the hassle? The Entrust Cloud Concierge service delivers a seamless transition from your on-premises nShield HSM estate to nShield as a Service. Our Professional Services team will work with you to plan and execute the smooth migration of your existing keys, clients, and applications.
Adopt cloud-based RESTful APIs
Developing new cloud-native applications and wishing to take advantage of efficient and dynamic scalability? Our nShield as a Service Web option allows you to easily access cryptographic resources with the flexibility that web services provide.
Security World Architecture
The nShield Security World architecture supports a specialized key management framework that spans the entire nShield family of general-purpose HSMs.
Choose the service and level that’s right for you
Basic, Standard, Premium or Enterprise as Self Managed or Fully Managed to meet your needs.
Service Options
Features
BASIC
STANDARD
PREMIUM
ENTERPRISE
Service Level
Service Features
Self Managed
Fully Managed
Technical Specifications
Connectivity
- IPsec tunnel w/pre-shared keys
- Between the customer's cloud IP space and the dedicated, hosted nShield HSM environment
- TLS tunnel to Web Services hosted on AWS (nSaaS Web Option)
- Transparent to client hosts
- No control restrictions across the entire path
Certified Hardware Solution
nShield as a Service is built with nShield Connect HSMs, which help our customers to demonstrate compliance while also giving them the assurance that their HSMs meet stringent industry standards.
nShield Features
nShield as a Service delivers the same features as on-premises nShield HSMs, including CodeSafe, Web Services Option Pack, Container Option Pack and Database Option Pack.
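Security compliance:
- FIPS 140-2 Level 3 certification
Safety and environmental standards compliance:
- UL, CE, FCC, RCM, Canada ICES
- RoHS2, WEEE
Data Center Certification
Cloud Security Alliance (CSA) Security, Trust, Assurance and Risk (STAR) Level 1
Support for a Wide Range of APIs, Cryptographic Algorithms, and Platforms
Supported APIs
- PKCS #11, OpenSSL, Java (JCE), Microsoft CAPI/CNG, and Web Services
Supported cryptographic algorithms
- Asymmetric public key algorithms: RSA, Diffie-Hellman, ECMQV, DSA, KCDSA, ECDSA, ECDH, Edwards (X25519, Ed25519ph), Secp256k1
- Symmetric algorithms: AES, AES-GCM, ARIA, Camellia, CAST, RIPEMD160 HMAC, SEED, Triple DES
- Hash/message digest: SHA-1, SHA-2 (224, 256, 384, 512 bit), HAS-160
- Full Suite B implementation (cryptographic support) with fully licensed ECC, including Brainpool and custom curves
nShield HSMs support most of these cryptographic algorithms as part of their standard feature set. Organizations that want to use ECC or Korean algorithms need additional optional activation licenses.
Supported platforms
Microsoft Windows and Linux operating systems, including distributions from RedHat, SUSE, and major cloud service providers, running as virtual machines or in containers.
Solution Deployment
nShield as a Service is available in a range of options to meet the needs of your organization. For price-sensitive customers, a self-managed single HSM instantiation is available in the customer’s preferred location. Standard, Premium and Enterprise customers can specify preferred HSM locations to meet their operational, DR and data sovereignty needs while choosing the optimum performance and price point.
Self Managed and Fully Managed Features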
Customer has remote access to dedicated nShield Connect hardware hosted in secure data centers
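The nShield Remote Administration kit enables secure connection to and interaction with your cloud-based nShield HSMs
Maintenance and Support
- Service monitoring
- Pre-tested upgrades/patches applied during annual or emergency maintenance windows
- Around-the-clock support
Features Specific to the Fully Managed Service
- Fully managed installation process
- Security Officer role performed by trusted Entrust personnel
- Security World creation
- HSM enrollment
- Signing ceremony
- Policy and process development
- ISO 27001-compliant policies and procedures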
- All operational staff BS7858 cleared (non-US data centers only)
- Firmware upgrades completed with customer consent
Cloud Disaster Recovery
Increase redundancy and reliability of on-premises deployments.
- Subscription-based service
- Adds off-site HSM resources
- Easy to operate and cost-effective