Securosys CloudHSM

No setup or hardware evaluation. You don't lose any time for system configuration. The system is preconfigured for 24/7 service and operational within hours.

Our experts run the devices and keep the system and security up to date. Your own resources don't need any complementary formation and don't do any installations or maintenance. Thus you have more time for your core business.

The data are subject to the Swiss law that assures one of the highest levels of data protection worldwide.

Your data is kept in a Primus Hardware Security Module. Access by our experts or other CloudHSM users is impossible. Data protection is always guaranteed.

The HSMs are located in two datacentres. Every location features double internet access (multi-homed), thus guaranteeing no downtime.

We use our own ultrasafe Securosys Primus HSM that we have developed and manufactured in Switzerland. It is the very same platform the operators of the Swiss banking system (SIX/SIC) use and trust in.

FIPS-140-2 Level 3 and Common Criteria EAL4+  EN 419 221-5 certified Primus HSM. Service operation and data centers comply to ISO 27001 and BAFIN and FINMA cicrulars. Thus they comply to most of the applications.

You don't have to hammer out a security policy from scratch, because the service is set up with a best practice policy. You can change the policy according to your needs.

With our service you have no initial costs, nor capital lockup. Operation is outsourced. Cost of ownership is reduced enormously.

The applications are diverse. The connection is established via PKCS#11, JCE/JCA, Microsoft CNG interface or REST API.

In case you decide to leave our service to insource your HSM you may do so by activating simply your on-premise backup HSM.

Specific HSM cluster available in strict FIPS mode and Common Criteria compliant mode according to EN 419 221-5 for eIDAS or ZertES applications. Specific HSM cluster available in strict FIPS mode. Operation of the service and the data centers comply to ISO 27001, tier III. Additionally, the backup data center provides protection form Electromagnetic Puls (EMP/HMP, BSI zone 3 / NATO zone 2).

Access to the key storage by other CloudHSM users or the CloudHSM experts is impossible. With Decanus Terminal Partition Administration you perform all management tasks yourself, you even can lock out the HSM operations team from any management activities on your partition.

The data remains accessible even in the event of an elementary damage. They are mirrored at three geographically separate locations, one in a former military bunker in the Swiss Alps.

Storage in two data centers and backup location guarantees maximum availability. Each location has redundant internet connection. Every site has different internet providers.

The Primus HSM in CloudHSM feature a CC EAL4+ certified keystore, protecting a factory installed root certificate and root key. The device then creates its own intermediary (device) key and its certificate is signed by the root key. The intermediary key is then used to sign attestation and timestamp key created for each partition. Thus, providing proof to you or any trust service provider that your keys are hold securely on Primus HSM.

libC Technologies provides expert software development in IT security, authentication, encryption and digital signature. Their product SwissPKI is a feature rich, fully integrated Public Key Infrastructure service which helps expand your enterprise security: from large scale deployments to embedded or CloudHSM solution, the service provides all necessary out-of-the box components to increase your digital security in a safe, simple and quick way.

CREALOGIX is a Swiss software house that operates globally. It belongs to the leading companies in the area of digital banking, digital payment and digital learning. CREALOGIX develops and implements innovative Fintech solutions.