nShield Bring Your Own Key

nShield BYOK uses certified HSMs to strengthen the security of your sensitive data in the cloud and puts you in control of the generation, storage and export of your keys

nShield Bring Your Own Key (BYOK)

With nShield Bring Your Own Key (BYOK), you bring your own keys to your cloud applications, whether you’re using Amazon Web Services (AWS), Google Cloud Platform (GCP) or Microsoft Azure. nShield high-assurance HSMs let you continue to benefit from the flexibility and economy of cloud services while you strengthen the security of your key management practices and gain greater control over your keys.

Watch our Video to see how nShield BYOK can strengthen your cloud key management practices.

Download our Solution Brief to learn more about how nShield BYOK gives you greater control over your keys.

Safer key management

Backed by FIPS 140-2 Level 2 and 3 nShield HSMs, nShield BYOK helps you adopt safer key management practices that strengthen the security of your sensitive data in the cloud.

Stronger control over your keys

With nShield Bring your Own Key, you use your own nShield HSMs in your own environment to create, store and securely export your keys to the cloud.

Superior key generation

nShield HSMs use a certified, high-entropy random number generator to create keys of higher quality than typically generated in software.

Certified hardware root of trust

nShield BYOK is based on nShield Edge, Solo and Connect HSMs, which are certified to FIPS 140-2 Level 2 and 3. This certification ensures that nShield HSMs have been tested to stringent standards, including for their tamper-resistance features. See our product pages for complete lists of standards these platforms comply with.

nShield BYOK for Microsoft Azure

You can bring your own keys (BYOK) to your cloud applications. If you’re using Microsoft Azure, you will generate your keys on premises, and then securely transfer your keys to the nShield HSM running within the Azure infrastructure. With this approach, you get HSM-backed security at both ends. You can also store and manage your master keys in your on-premises nShield HSM.

nShield BYOK for AWS and GCP

If you’re using AWS or GCP, you will generate your keys on premises, and then lease your keys to AWS or GCP for temporary use in the cloud. After a pre-determined time period, your keys in the cloud will be destroyed. If needed, you can again lease the keys stored in your HSM. You can also store and manage your master keys in your on-premises nShield HSM.

Multi-cloud Service

nShield BYOK lets you choose your cloud service provider, even from the same HSM. Your on-premises nShield HSM will send keys to whichever cloud provider you choose, whenever you choose.

Related Products

nShield Connect HSMs

Networked appliances that deliver cryptographic key services to applications distributed across servers and virtual machines.

Learn More

nShield Solo HSMs

PCI-Express card-based HSMs that deliver cryptographic key services to applications hosted on individual servers and appliances.

Learn More

nShield Edge HSMs

USB-connected desktop HSMs that provide convenience and economy for environments requiring low-volume cryptographic key services.

Learn More
As a global payment solutions and commerce enablement leader, Verifone’s strategy is to develop and deploy “best in class” payment solutions and services that meet or exceed global security standards and help our clients securely accept electronic payments across all channels of commerce. We selected nCipher HSMs to provide robust security, unmatched performance and superior scalability across our payment security platforms, protecting encryption keys from virtually any attack. This helps Verifone to continue reducing merchants’ growing exposure to data breaches and cyber criminals and more aggressively safeguard consumer information… Joe Majka,Chief Security Officer
Want to be part of our team? Explore
Get in contact with a specialist Contact Us