Public Cloud Integration
Native Cloud HSM Connection
Seamlessly integrate your public cloud instances with VirtuCrypt cloud HSM services to secure the many benefits of cloud encryption & key management.
Cloud Hardware Security Modules (HSM)
All VirtuCrypt cloud services are powered by industry-leading hardware security modules (HSM) from Futurex and rely on Futurex applications for the VirtuCrypt Intelligence Portal (VIP) management interface. VirtuCrypt instances are located in multiple high-security data centers around the world. With VirtuCrypt cloud HSMs, businesses can utilize some of the most powerful cryptographic devices available today through native public cloud integration to support financial & general purpose cryptographic processing.
Financial Cloud HSM
Direct Integration
An increasingly popular choice for public cloud usage is direct integration with other services and applications housed outside the public cloud. Integrating on-premises hardware with cloud-based applications or connecting Software-as-a-Service (SaaS) solutions to separate cloud applications has allowed for sharing and unifying data and improving connectivity and visibility. Additionally, there are many benefits to integrating cloud HSMs with public cloud platforms, including cost-effectively adding redundancy and automating disaster recovery schemes.
Benefits of Integrating Cloud HSMs
Multi-Region Crypto Processing
Enable a single cloud HSM to connect with multiple public cloud regions. Multiple applications can simultaneously connect to VirtuCrypt cloud HSMs through the public cloud from varying global regions.
Available Cloud Services
VirtuCrypt cloud HSMs can be utilized just like many other public cloud services made available on the provider service marketplace. For instance, if an organization is already using Amazon AWS, the onboarding and renewal of the service is managed via AWS Marketplace.
High Availability & Disaster Recovery
Ensure high fault tolerance by configuring cloud HSMs to be highly available and have full disaster recovery capabilities. Cloud HSMs can be configured and automated as failover devices in the event regional processing resources are unavailable.
Cloud Elasticity
Continue to intelligently grow your cloud footprint by creating secure HSM environments that can scale on demand while also accomplishing system updates and maintenance without taking core systems offline.
Secure Onboarding
When working with VirtuCrypt to harden your HSM and key management infrastructure, security is established from the source, removing any possibility of process-related risks or errors. Our onboarding process is designed with compliance, security, and ease of use in mind. VirtuCrypt follows a standardized onboarding process which has been validated by independent third-party auditors for adherence to compliance requirements.
Onboarding Process
- Completion of forms and due diligence to validate personnel
- Creation of a VIP account
- Download client certificate
- Network setup and validation
- Load major keys and network keys
Integration Components
CryptoVerse
Utilizing a PKI managed by VirtuCrypt, a Cryptoverse isolates which services the public cloud applications have access to. A Cryptoverse is used to ensure mutual authentication and strong encryption with all endpoints, whether those are cloud HSM services, incoming connections to VirtuCrypt, access points like load balancers and edge systems, or client applications.
CryptoTunnel
A CryptoTunnel defines the connection parameters to VirtuCrypt. It consists of a name, the Cryptoverse used to authenticate incoming clients, the service that the tunnel will be routed to (the cloud HSM), the incoming channel (Internet, public cloud, etc.), the public cloud provider, the region of the public cloud that will be operated in, and any information that must be whitelisted.
VirtuCrypt Access Point (VAP)
A VirtuCrypt Access Point (VAP) is a VirtuCrypt-owned Virtual Private Cloud. Virtual Private Clouds allow for a logically separated section of the public cloud where an organization, in this case VirtuCrypt, defines its own virtual network. The VAP enables access to VirtuCrypt from a public cloud in a secure manner without directly transiting the Internet, and it also offers connectivity for a range of other access methods.
EndPoints / Private Link
The endpoint allows your organization to access VirtuCrypt in the public cloud. An endpoint must be designated on the VirtuCrypt Access Point to create the communication channel between the public cloud and the VirtuCrypt cloud HSM.
Configuration & Monitoring
The VirtuCrypt Intelligence Portal (VIP) is the primary method through which users manage their cloud encryption services. The VIP is a secure website for configuring and reviewing all VirtuCrypt services. From a single location, the dashboard allows for secure management and monitoring of your entire cloud HSM environment, review of audit logs, and tracking of account activity.
Public Cloud Integration - Amazon Web Services (AWS)
An example of a public cloud provider that can be integrated with financial cloud HSMs is Amazon Web Services (AWS). Through AWS, you can create a Virtual Private Cloud (VPC) that can connect to VirtuCrypt. A VPC allows for a logically separated section of the cloud where your organization can define its own virtual network and handle workloads. These VPCs are deployed per AWS region.
AWS Marketplace
Another benefit of integrating cloud HSMs with AWS is the full integration with the Amazon Marketplace. As one of the largest and most widely used cloud platforms, AWS has a multitude of services that can be utilized for hosting applications & infrastructure with global availability. Using the Amazon Marketplace helps with the onboarding as well.
- Financial Acquiring
- Financial Issuance
- P2PE
Integrate Financial Cloud HSMs with Public Clouds
As the demand for cloud services increases and many financial acquiring, issuing, and Point-to-Point Encryption application providers take a cloud-native approach, organizations are also starting to look to their financial hardware security module vendors for native cloud solutions. You can learn more about financial cloud HSM utilization and integration by downloading our white paper or booking a personalized product demo with a VirtuCrypt Solution Architect.
© 2022 | VirtuCrypt