CriptoNube is a middleware that brings you all the advantages of HSMs (Hardware Security Modules) as a service and makes them easy to integrate through a complete REST API.
The main advantages of using HSMs in the cloud are:
- Secure environment in the cloud
With CriptoNube you have a safe place in the cloud in which to perform operations on sensitive data. The provider is never allowed to access this data.
- Efficient and easy key management
With an HSM you can generate and store keys safely and perform operations with them whenever you want.
- Acceleration of cryptographic operations
The HSM has specific hardware that lets you perform very fast encryptions and decryptions.
- Regulatory compliance
The HSM's functionality and its FIPS 140-2 security certification help you comply with regulations and data protection laws.
- Pay per use
You can access the service and pay only for the use you make of the HSM. If you don’t use it, you don’t pay.
- No maintenance
You don’t need to buy an HSM; you have it as an external secure component, so you don’t need to worry about hardware maintenance or software updates.
- Support for encrypted cloud storage
You can seamlessly use a cloud storage service to store and retrieve your encrypted data through the HSM.
The operations you can perform through CriptoNube’s REST API are:
- Key management and key storage
- Generation of symmetric keys (AES, DES)
- Generation of asymmetric keys, public and private (ECDSA, RSA)
- Signing and verification (ECDSA, RSA)
- Encryption and decryption (AES, DES, RSA)
- Hash calculation (AES, DES, SHA, RIPEMD, MD5)
- Key format conversions
The following table shows a comparison of some features between CriptoNube and other cloud HSM services:
| Feature | SCAPE CriptoNube | Other cloud HSM products |
|---|---|---|
| Instant provisioning of HSMs | ✔ | ✘ |
| No need to configure and install HSM software | ✔ | ✘ |
| Seamless integration, at service level | ✔ | ✘ |
| High-level API (REST) | ✔ | ✘ |
| No reservation fee | ✔ | ✘ |
| Pay per use | ✔ | ✔ |
| Custom operations in the HSM (on demand) | ✔ | ✘ |
| Support for the FIPS 140-2 security standard | ✔ | ✔ |
CriptoNube’s architecture shows how a client accesses the HSM service through the API, which allows it to send encrypted data. Only the HSM can access this data, in a secure way, to process the information. Additionally, it is possible to ask the HSM to store or retrieve encrypted data from a cloud storage service. A CryptoNode is an appliance that has a set of already configured HSMs. CriptoNube’s middleware communicates with this appliance to provide the service in a transparent way.
Another option is to use CriptoNube from applications already deployed in the cloud (SaaS). In this case, the client can send the encrypted data to the application, which then manages the interaction with the HSM through the API.