Thales Unveils Cloud-Ready HSM to Deliver Crypto Services for Modern Applications
New RESTful API for nShield HSMs allows for more flexible, scalable cloud and enterprise deployments
Thales, leader in critical information systems, cybersecurity and data security, announces a crypto-as-a-service solution that enables organizations to deliver cryptographic services with more ease and flexibility in public, private and hybrid cloud environments.
As enterprises increasingly focus on digital business, security is seen as one of the biggest inhibitors to their digital transformations. Thales is making it easier to implement security in both traditional data center and cloud deployments by providing clientless access to its nShield hardware security modules (HSMs) through REST – compliant web services interfaces. With the rapid adoption of mobile and web-based services across the industry and the need for highly automated and efficient application deployment, the web-based REST architecture has emerged as the de facto standard for APIs connecting disparate systems.
With the new nShield HSM offering users can implement their key management and crypto functionality independently of their applications and the underlying infrastructure, which increases flexibility and minimizes the time from project inception to application deployment. Furthermore, the new service model ensures fine-grained policies can be defined based on both role and user identity, ensuring processes or users can only perform the cryptographic, management or administrative operations assigned to their role and individual identity.
With the advent of modern applications, centralized data centers and cloud environments, organizations are deploying new applications that require a flexible and scalable security infrastructure. With the new nShield capabilities organizations can now deploy a crypto processing service across multiple applications to securely generate, protect and store digital keys for their most sensitive applications. By making a RESTful API call such as ‘encrypt’ or ‘sign’ the applications can connect to an estate of HSMs without needing to understand the details of the nShield HSM environment. By utilizing the crypto services across multiple applications, organizations can scale their security infrastructure and increase utilization of their HSM estates, while supporting industry standard encryption algorithms.
Peter Galvin, vice president strategy, Thales eSecurity says:
“The REST implementation of crypto APIs is our first step along the path to our vision of crypto-as-a-service based on a completely service-oriented architecture across our entire product portfolio, offering a full multi-tenant and role-based service interface to ease the deployment of applications in high scale and cloud environments. As we evolve to provide these capabilities as a cloud service, cloud service providers will benefit from multiple roots of trust that scale across multi-tenancy environments and simple, fully automated management of our data security platform.”