SECURITY YOU CAN TRUST
nCipher Security’s nShield Hardware Security Modules (HSMs) are hardened, tamper-resistant devices that protect your company’s most sensitive data. These FIPS 140-2 certified modules perform cryptographic functions such as generating, managing and storing encryption and signing keys, as well as executing sensitive functions within their protected boundaries.
nShield HSMs also support a wide range of cryptographic algorithms, including elliptic-curve cryptography algorithms that deliver high-speed transactions ideally suited to today’s compact computing environments, as well as the industry’s most widely used operating systems and APIs.
The nShield family
To suit your specific environment, the nShield family of general purpose HSMs includes the following models:
nShield Connect
nShield Connect HSMs are FIPS-certified appliances that deliver cryptographic services to applications across the network. These tamper-resistant platforms perform such functions as encryption, digital signing and key generation and protection over an extensive range of applications, including certificate authorities, code signing, custom software and more nShield Connect HSMs are available in two series: classic nShield Connect+ HSMs and the high-performance nShield Connect XC HSM series.
nShield Solo
The Solo is a PCIe card for embedding in appliances or servers that delivers cryptographic services to applications hosted on a server or appliance.
nShield Solo HSMs are available in two series: classic nShield Solo+ HSMs and the high-performance nShield Solo XC HSM series.
nShield Edge
The Edge is a portable USB-based desktop device designed for convenience and economy. The Edge is ideal for developers as it supports applications such as low volume root key generation and offers an entry level security solution. The edge is also a perfect solution for off-line key generation for certificate authorities (CAs), low cost HSM development and Cloud Bring you Own Key (BYOK) environments.
CLOUD-FRIENDLY WEB SERVICE INTERFACES
The optional nShield Web Services Crypto API streamlines the interface between your applications and HSMs by executing commands through web service calls. This innovative approach facilitates deployments by removing the need to integrate applications directly with nShield, and eliminates dependencies on OS and architecture design choices. A cloud-friendly solution, the Web Services Crypto API interfaces with applications hosted in the cloud as well as in traditional data centers.
- Access to high security data protection solution from cloud, data center or on-premises applications
- Streamlined, easy connection to nShield hardware security module cryptographic services
- Simple deployment eliminating the need for client-side integration
- Flexible OS and architecture support
STRONGER KEY MANAGEMENT FOR YOUR CLOUD DATA WITH NSHIELD BYOK
nShield BYOK lets you generate strong keys in your on-premises nShield HSM and securely export them to your cloud applications, whether you use Amazon Web Services, Google Cloud Platform, Microsoft Azure— or all three. With nShield BYOK, you strengthen the security of your key management practices, gain greater control over your keys and ensure that you are sharing in the responsibility of keeping your data secure in the cloud.
- nShield BYOK brings you the following benefits:
Safer key management practices that strengthen the security of your sensitive data in the cloud - Stronger key generation using nShield’s high entropy random number generator protected by FIPS-certified hardware
- Greater control over keys—use your own nShield HSMs in your own environment to create and securely export your keys to the cloud
STREAMLINED OPERATIONS USING REMOTE MONITORING AND MANAGEMENT
nShield Monitor and nShield Remote Administration, available for nShield Solo and Connect HSMs, help you cut operational costs while staying informed and in command 24×7 of your HSM estates.
nCipher’s remote monitoring and management products help you to:
- Optimize HSM performance, infrastructure planning and uptime using nShield Monitor to inform your staff about load trends, usage statistics, tamper
events, warnings, and alerts - Reduce travel costs and save time by managing HSMs through nShield Remote Administration’s powerful and secure interface
CODESAFE – SECURE EXECUTION ENVIRONMENT
In addition to protecting your sensitive keys, nShield Solo and Connect HSMs also provide a secure environment for running your proprietary applications.
The CodeSafe option lets you develop and execute code within the nShield’s FIPS 140-2 Level 3 boundaries, safeguarding your applications from potential attacks.
CodeSafe helps you to:
- Achieve high assurance by executing sensitive applications and protecting application data end points inside a certified environment
- Protect security-sensitive applications against hazards such as insider attacks, malware and advanced persistent threats
- Eliminate the risk of unauthorized application changes or malware infection using code signing
Certification to industry standards
nCipher’s adherence to rigorous standards helps you demonstrate compliance in regulated environments while delivering high confidence in the security and integrity of nShield HSMs. Below is a partial list of the standards to which we comply. Complete lists are available on our website and in our data sheets.
FIPS 140-2
Recognized globally, FIPS 140-2 is a U.S. government NIST standard that validates the security robustness of cryptographic modules. All nCipher nShield HSMs are certified to FIPS 140-2 Level 2 and Level 3 and are available for purchase at either level.
COMMON CRITERIA AND EIDAS COMPLIANCE
nShield Solo+ and Connect+ models are certified to Common Criteria (EAL) 4+ and are also recognized as qualified signature creation devices (QSCDs). As QSCDs, nShield HSMs are qualified to serve as the security backbone of European digital signature (eIDAS) and other globally recognized solutions including authentication services, digital signing and time stamping.
ID-3 Personal Touch
A specialist supplier with industry experience can provide the assurance that you are speaking to the right person. We pride ourselves on being at hand to assist your delivery throughout its life-cycle. A single call to connect you to HSM expertise which you simply wont find at general re-sellers.
ID-3 Service Support
Unlike other re-sellers ID-3 is the UK’s only service led consultancy and re-seller who can offer comprehensive assistance for nShield and its associated management tools to support your service delivery.
ID-3 offers rapid over the phone or email advice and support to its customers from our team of in-house experts without depending on the vendors.
ID-3 has a proven track record of delivering HSMs into highly regulated environments and can offer an extensive range of professional service options and training options to help any team correctly implement the nShield in to any regulated environment.
Documentation Support
Procedures are critical to every service. ID-3 HSM procedures are available to our customers via download from our portal and customised for your environment removing the arduous task of needing to become expert prior to business as usual handover and reducing the time it takes to get the service into production.
The spectre of poor HSM procedures
26th April 2019 by Elton Jones @ID-3 In this article, we briefly outline the challenges faced by regulated organisations that need procedural control over their HSM estate. It provides an insight into the level of awareness, lack of resources and expertise that pose significant challenges in production system adoption. The need for procedures Regulation […]
