nShield Cloud Integration Option Pack

With Cloud Integration Option Pack you can use your nShield HSMs to generate, store, and manage the keys you count on to secure your sensitive cloud-hosted applications

nShield Cloud Integration Option Pack

The Cloud Integration Option Pack (CIOP) provides users of cloud services the ability to generate keys in their own environment and export them for use in the cloud while having confidence that:

  • Their key has been generated securely using a strong entropy source.
  • The long term storage of their key is protected by a FIPS-certified HSM.

The following cloud services are supported:

  • Amazon Web Services (AWS)
  • Google Compute Engine (GCE)
  • Microsoft Azure Key Vault (using the Azure BYOK mechanism)1

Note 1: For customers seeking a higher level of assurance, Microsoft offers nCipher BYOK. The nCipher BYOK method provides additional assurances that the key permissions created at generation time are preserved during the transfer to Microsoft Azure Key Vault. In addition Microsoft make use of the nCipher Security World to restrict key use to a specified Azure region.

This method does not require the purchase of CIOP. See https://docs.microsoft.com/en-us/azure/key-vault/keys/hsm-protected-keys-ncipher for more information.

Use FIPS 140-2 certified nShield HSMS to manage your keys

When sensitive data resides in your cloud-hosted applications, you can rely on your FIPS 140-2 Level 3 certified nShield HSMs to generate and wrap your keys, and securely deliver them to your cloud applications.

Control the availability of your keys

You exclusively control your nShield HSMs, whether on your own premises or in the nShield as a Service environment. Therefore, you decide when keys are generated and exported. By controlling the master copy, you also control when and whether further exports to your cloud provider occur.

Choose your cloud provider

With CIOP, you decide which cloud provider to use for each key. This gives you the flexibility to choose the right cloud from your on-premises or as a service nShield environments for your different applications, while benefiting from nShield high-assurance key generation and protection.

CIOP is supported on all current nShield HSM models.

Requires nShield Security World Software v12.60 and firmware v12.60 or later for Azure BYOK

Requires nShield Security World Software v12.40 software for AWS and Google Compute Engine

This release has been tested for compatibility on a range of platforms including:

  • Microsoft Windows Server 2019 x64 and 2016 x64
  • Microsoft Windows 10 x64 and 7 x64
  • Red Hat Enterprise Linux 7 x64 and AS/ES 6 x86/x64
  • SUSE Enterprise Linux 12 x64 and 11 x64
  • Oracle Enterprise Linux 7.6 x64 and 6.10 x64

Prior to installing the Cloud Integration Option Pack, ensure that nShield Security World software has been installed.

Data Sheet: Cloud Integration Option Pack

Provides users of public cloud services with the ability to generate cryptographic keys in their own environment and retain control of those keys while making them available, as required, for use in the cloud of their choice


Data Sheet: nShield Connect HSMs

nShield Connect HSMs are certified, networked appliances that deliver cryptographic key services to applications distributed across servers and virtual machines.


Data Sheet: nShield Solo HSMs

nShield Solo HSMs are certified PCI-e card-based solutions that deliver cryptographic key services to applications hosted on individual servers and appliances.


Datasheet : nShield as a Service

Subscription-based access to dedicated nShield Connect HSMs, enabling cloud-centric strategies while maintaining the strict security controls required for business-critical applications.


White Paper : The nCipher Security World Architecture

The nCipher Security World architecture supports a specialized key management framework that spans the entire nShield family of general purpose hardware security modules (HSMs). Whether deploying high performance, shareable, network-attached HSMs appliances, host-embedded HSMs cards or USB-attached portable HSMs, the Security World architecture provides a unified administrator and user experience and guaranteed interoperability whether the customer deploys one or hundreds of devices.

Want to be part of our team? Explore
Get in contact with a specialist Contact Us