Building on successful deployments with several leading cloud infrastructure providers, Gemalto has announced the availability of SafeNet Luna SA 6, the first HSM (hardware security module) purpose-built for service providers to offer on-demand crypto processing, key management and key storage in the cloud. The new SafeNet Luna SA delivers the performance and scalability required to protect the most demanding cloud applications and allows service providers to offer the highest levels of trust for their cloud environments by giving businesses total ownership of their encryption keys.
For many organisations, the option of purchasing and managing encryption keys on-premises does not align with their vision of using cloud-based infrastructure as on-demand services. In addition, service providers that want to offer higher levels of data protection are required to manage encryption solutions on behalf of their customers, which means increased liability and risk in terms of data access and complying with customer compliance requirements. As a result, these challenges have prevented many security conscious companies from migrating sensitive data to the cloud.
Gemalto’s SafeNet Luna SA platform changes the way service providers and organisations can manage and store encryption keys in cloud environments. With the new SafeNet Luna SA, cloud companies can provide all of the security, compliance and trust of an on-premises HSM appliance while their customers realise the cost, flexibility and performance benefits of the cloud yet still maintain complete ownership of their keys. Organisations can now also benefit by being able to choose the appropriate data encryption strategy for their business whether that be on premise, cloud-based, or hybrid key management and storage solutions.
“Gemalto’s SafeNet Luna HSM for service providers addresses a current gap in the market for encryption and key management,” said Garrett Bekker, senior security analyst at 451 Research. “Enterprises that are looking to move more resources to the cloud are realising the need for encryption and key management, but often lack the resources to deploy and manage their own encryption key management infrastructure. By packaging SafeNet Luna HSM for service providers, enterprises of all sizes can maintain control of their sensitive keys while taking advantage of the benefits the cloud provides.”
The SafeNet Luna SA can be separated into 100 cryptographically isolated partitions, with each partition acting as if it were an independent HSM. Within each partition, a given customer can assign multi-tiered levels of administrative access. The partitions themselves are designed to protect key material from other tenants on the same appliance; meaning different customers – or different lines of business within a single organisation – can leverage the same appliance without fear of losing their keys to other tenants. In addition, service provides have no access to key material stored on any HSM partition, giving their customers the confidence that only they have access to their sensitive cryptographic keys.
“When encryption and key management can be offered conveniently as a service by cloud providers, but with the same high-grade protections as if it were fully on-premises, organisations of all types can reach new levels of efficiency and security,” said Todd Moore, vice president of product management Encryption Products at Gemalto. “With our new SafeNet Luna SA, we are opening up a significant opportunity for service providers to grow revenue by offering customers the ability to control their keys and thereby bring more sensitive data and workloads to the cloud.”
The new SafeNet Luna SA expands Gemalto’s portfolio of encryption, key management and crypto management products that can be deployed by service providers to enable greater levels of security in their cloud environments. Along with the SafeNet Luna SA, Gemalto also offers the SafeNet ProtectV and SafeNet Virtual KeySecure products which provide robust full-disk encryption for virtual instances and attached storage volumes and secure key management for data encrypted by ProtectV or other third-party cloud or on-premises encryption solutions.