nShield Cloud Integration Option Pack
The Cloud Integration Option Pack (CIOP) provides users of cloud services with the ability to generate keys in their own environment and export them for use in the cloud while having confidence that:
- Their key has been generated securely using a strong entropy source.
- The long-term storage of their key is protected by a FIPS-certified HSM.
The following cloud services are supported:
- Amazon Web Services (AWS)
- Google Compute Engine (GCE)
- Microsoft Azure Key Vault (using the Azure BYOK mechanism; see Note 1)
Note 1: For customers seeking a higher level of assurance, Microsoft offers nCipher BYOK. The nCipher BYOK method provides additional assurances that the key permissions created at generation time are preserved during the transfer to Microsoft Azure Key Vault. In addition, Microsoft makes use of the nCipher Security World to restrict key use to a specified Azure region.
This method does not require the purchase of CIOP. See https://docs.microsoft.com/en-us/azure/key-vault/keys/hsm-protected-keys-ncipher for more information.