Public Cloud Integration


Native Cloud HSM Connection

Seamlessly integrate your public cloud instances with VirtuCrypt cloud HSM services to secure the many benefits of cloud encryption & key management.


Cloud Hardware Security Modules (HSM)

All VirtuCrypt cloud services are powered by industry-leading hardware security modules (HSM) from Futurex and rely on Futurex applications for the VirtuCrypt Intelligence Portal (VIP) management interface. VirtuCrypt instances are located in multiple high-security data centers around the world. With VirtuCrypt cloud HSMs, businesses can utilize some of the most powerful cryptographic devices available today through native public cloud integration to support financial & general purpose cryptographic processing.

Financial Cloud HSM

As financial organizations continue their strategic digital transformation initiatives, the dependence on public clouds and associated services has decision makers looking to move critical infrastructure into the cloud without suffering negative impacts to performance & cost. Businesses can now utilize financial cloud HSMs, which offer the same high-performance functionality as physical PCI-compliant hardware security modules but are deployed & configured like a cloud service. Our financial cloud HSMs are fitted with functionality and features specialized for financial acquiring, financial issuing, and Point-to-Point Encryption (P2PE) processing.

Direct Integration

An increasingly popular choice for public cloud usage is direct integration with other services and applications housed outside the public cloud. Integrating on-premises hardware with cloud-based applications or connecting Software-as-a-Service (SaaS) solutions to separate cloud applications has allowed for sharing and unifying data and improving connectivity and visibility. Additionally, there are many benefits to integrating cloud HSMs with public cloud platforms, including cost-effectively adding redundancy and automating disaster recovery schemes.

Benefits of Integrating Cloud HSMs

Multi-Region Crypto Processing

Enable a single cloud HSM to connect with multiple public cloud regions. Multiple applications can simultaneously connect to VirtuCrypt cloud HSMs through the public cloud from varying global regions.

Available Cloud Services

VirtuCrypt cloud HSMs can be utilized just like many other public cloud services made available on the provider service marketplace. For instance, if an organization is already using Amazon AWS, the onboarding and renewal of the service is managed via AWS Marketplace.

High Availability & Disaster Recovery

Ensure high fault tolerance by configuring cloud HSMs to be highly available and have full disaster recovery capabilities. Cloud HSMs can be configured and automated as failover devices in the event regional processing resources are unavailable.

Cloud Elasticity

Continue to intelligently grow your cloud footprint by creating secure HSM environments that can scale on demand while also accomplishing system updates and maintenance without taking core systems offline.

 


Secure Onboarding

When working with VirtuCrypt to harden your HSM and key management infrastructure, security is established from the source, removing any possibility of process-related risks or errors. Our onboarding process is designed with compliance, security, and ease of use in mind. VirtuCrypt follows a standardized onboarding process which has been validated by independent third-party auditors for adherence to compliance requirements.

Onboarding Process

  1. Completion of forms and due diligence to validate personnel
  2. Creation of a VIP account
  3. Download client certificate
  4. Network setup and validation
  5. Load major keys and network keys

Integration Components

CryptoVerse

Utilizing a PKI managed by VirtuCrypt, a Cryptoverse isolates which services the public cloud applications have access to. A Cryptoverse is used to ensure mutual authentication and strong encryption with all endpoints, whether those are cloud HSM services, incoming connections to VirtuCrypt, access points like load balancers and edge systems, or client applications.

CryptoTunnel

A CryptoTunnel defines the connection parameters to VirtuCrypt. It consists of a name, the Cryptoverse used to authenticate incoming clients, the service that the tunnel will be routed to (the cloud HSM), the incoming channel (Internet, public cloud, etc.), the public cloud provider, the region of the public cloud that will be operated in, and any information that must be whitelisted.

VirtuCrypt Access Point (VAP)

A VirtuCrypt Access Point (VAP) is a VirtuCrypt-owned Virtual Private Cloud. Virtual Private Clouds allow for a logically separated section of the public cloud where an organization, in this case VirtuCrypt, defines its own virtual network. The VAP enables access to VirtuCrypt from a public cloud in a secure manner without directly transiting the Internet, and it also offers connectivity for a range of other access methods.

EndPoints / Private Link

The endpoint allows your organization to access VirtuCrypt in the public cloud. An endpoint must be designated on the VirtuCrypt Access Point to create the communication channel between the public cloud and the VirtuCrypt cloud HSM.


Configuration & Monitoring

The VirtuCrypt Intelligence Portal (VIP) is the primary method through which users manage their cloud encryption services. The VIP is a secure website for configuring and reviewing all VirtuCrypt services. The intuitive dashboard allows you to securely manage and monitor your entire cloud HSM environment, review audit logs, and track account activity from a single location.

Public Cloud Integration - Amazon Web Services (AWS)

An example of a public cloud provider that can be integrated with financial cloud HSMs is Amazon Web Services (AWS). Through AWS, you can create a Virtual Private Cloud (VPC) that can connect to VirtuCrypt. A VPC allows for a logically separated section of the cloud where your organization can define its own virtual network and handle workloads. These VPCs are deployed per AWS region.

AWS Marketplace

Another benefit of integrating cloud HSMs with AWS is the full integration with the Amazon Marketplace. As one of the largest and most widely used cloud platforms, AWS has a multitude of services that can be utilized for hosting applications & infrastructure with global availability. Using the Amazon Marketplace helps with the onboarding as well.

  • Financial Acquiring
  • Financial Issuance
  • P2PE


Integrate Financial Cloud HSMs with Public Clouds

As the demand for cloud services increases and many financial acquiring, issuing, and Point-to-Point Encryption application providers take a cloud-native approach, organizations are also starting to look to their financial hardware security module vendors for native cloud solutions. You can learn more about financial cloud HSM utilization and integration by downloading our white paper or booking a personalized product demo with a VirtuCrypt Solution Architect.

Topics Include:

  • Payment Processing
  • PIN & PAN Validation
  • Vaultless Tokenization
  • Mobile Payment Acceptance


Key Management Methods

Key Agent Services

For organizations requiring key management assistance, VirtuCrypt’s CTGA-accredited key agent team can compliantly load keys into HSMs. With this service, VirtuCrypt handles the generation, handling, and storing of key components, but the ownership of the keys remains with the customer throughout this process.

When keys need to be accessed, VirtuCrypt securely generates and prints key components in tamper-evident envelopes before mailing them to the customer. This convenient option ensures customers have access to keys at any point in time, without the responsibility of generating and loading them into the HSM.

Bring Your Own Key (BYOK)

Organizations requiring self-management of encryption keys to protect their most sensitive data through the Bring Your Own Key (BYOK) methodology can confidently manage keys in VirtuCrypt cloud HSMs. The Excrypt Touch is Futurex’s FIPS 140-2 Level 3 and PCI HSM validated tablet that allows organizations to securely manage their own encryption keys from anywhere in the world. With the Excrypt Touch, administrators can securely establish a remote TLS connection with mutual authentication and load clear master keys to VirtuCrypt cloud HSMs.

 

Hardware Security Module Generation

Administrators can randomly generate major keys using the random number generator of their cloud HSMs, although this method of key management is very rarely used in financial environments. This is due to key exchange requirements between various stakeholders in the transaction processing workflow. Without sharing keys, these entities would not be able to communicate with each other.

Secure Services

VirtuCrypt provides a number of secure services for organizations that implement VirtuCrypt's cloud-based cryptographic infrastructures. These services enable organizations without the desire or capability to construct their own secure room to utilize facilities they would otherwise have no access to. In addition, our Secure Services can be contracted for one-time use or recurring engagements as part of the VirtuCrypt Enterprise package.

Customized Manufacturer-Class Solutions

Custom Projects & Joint Development Initiatives

VirtuCrypt has distinguished itself in the industry with the ability to develop and implement custom manufacturer-class projects and joint development initiatives in a cost-effective, reliable, and standards-compliant manner with expedited delivery to market. VirtuCrypt’s engineering team has decades of experience developing custom software and hardware solutions for organizations and device manufacturers of all sizes.

Certificate Authority Services

Generation, Signing, and Hosting Services

To eliminate the worry and hassle of certificate hosting for organizations that don’t have a compliant secure room, VirtuCrypt offers certificate authority generation, signing, and hosting services at our secure data centers.

Full Support Services

VirtuCrypt knows that besides the latest data encryption innovations, you are also looking for best-in-class support services. Xceptional Support Services are professionally conducted by members of the Xceptional Support Team, all of whom are Certified TR-39 (TG-3) Auditors (CTGA) who are available to both domestic and international customers.


Troubleshooting and Issue Resolution

Xceptional Support

Problems inherently arise within IT environments. If there is a problem, VirtuCrypt has dedicated Solutions Architects to support organizations from investigation to final resolution, making sure issues do not escalate. Organizations have multiple avenues of access, including phone, e-mail, and the VIP Dashboard, an intuitive website for reviewing all information related to your VirtuCrypt environment.

Onsite Training

In-person Training

Onsite training is a convenient and beneficial way to keep your organization up-to-date when you choose the time and place for the Xceptional Support Trainers to come to you. Whether you are new to data encryption, industry compliance mandates, and transaction security, or you are an industry veteran looking to take your organization to the next level, our onsite training provides a great value with customized programs to teach you and your team the skills necessary to ensure a lasting and productive relationship with your investment in VirtuCrypt technology.

Virtual Training

Online Training

Training in a virtual environment is one of the quickest and most convenient ways to learn. Xceptional Support Trainers are available for webinars, conference calls, and other virtual training services. VirtuCrypt provides cost-effective training that addresses your company’s specific needs on a schedule that fits your team’s availability.