Gemalto has announced the availability of three new cloud-based Hardware Security Module (HSM) services, HSM On Demand for CyberArk, HSM On Demand for Hyperledger and HSM On Demand for Oracle TDE. Each service is available through the SafeNet Data Protection on Demand platform, a marketplace of cloud-based HSM, encryption and key management services that easily integrates with most widely used cloud services and IT products to protect data wherever it is created, accessed or stored.

The rapid adoption of cloud and digital services has made it difficult for organizations to secure data and identities that are created, stored and managed outside the perimeter. While organizations recognize that data encryption is the optimal solution to secure sensitive information, they can be challenged by the cost and complexity of deploying encryption, including Hardware Security Modules to secure their cryptographic operations. Gemalto’s SafeNet Data Protection On Demand solves these challenges by providing cloud-based HSM services that and can be deployed in minutes without the need for highly skilled staff. Gemalto, a leader in the HSM market, is proven to help customers secure their encryption keys and data across cloud, hybrid, and on-premises environments.

“A worsening threat landscape, combined with aggressive cloud adoption and evolving privacy regulations, have presented complex new challenges related to encryption, privileged access and financial transactions,” says Todd Moore, senior vice-president of encryption products at Gemalto. “Our newest Cloud HSM On Demand services help organizations stay in front of new threats and regulations, by easily deploying an HSM solution for the strongest possible key management and security practices, all while providing fast, easy set-up, with remarkable savings over traditional approaches involving specialised hardware and skills.”

“Many organizations would like to deploy data security more broadly, but are often wary due to concerns about complexity, cost and staffing requirements, particularly with respect to encryption and key management,” says Garrett Bekker, principal analyst at 451 Research. “The release of SafeNet Data Protection On Demand was a positive step towards addressing those concerns, and extending its cloud HSM capability to newer use cases like blockchain, database security and privileged credentials is a logical and timely move.”

HSM On Demand for CyberArk works seamlessly with CyberArk’s Privileged Access Security Solution, providing private key protection and strong entropy for key generation for system keys.. By securing the master key and ensuring that it is hosted in a secure vault, HSM On Demand for CyberArk mitigates the risk of the master key being exposed or compromised.

HSM On Demand for Hyperledger provides trust for blockchain transactions by securing the cryptographic keys that sign them. It protects digital wallets, while ensuring keys are readily available in the cloud once access is granted. The service provides high assurance security in data centers and the cloud, enabling multi-tenancy of blockchain identities per partition as proof of transaction and for auditing requirements. It also delivers performance improvements resulting from off-loading cryptographic operations from application servers to the HSM on Demand service.

HSM for Oracle TDE (Transparent Data Encryption) solves the challenge presented by locally stored encryption keys by protecting them with a master key, stored in a separate service key vault. This ensures that only authorized services are allowed to request the local key to be decrypted. If an attacker steals the database, it is encrypted and inaccessible, since the attacker does not have access to the keys that are securely stored on the HSM.