Entrust, a leading provider of trusted identities, payments, and data protection solutions has announced the geographic expansion of its nShield® as a Service hardware security module (HSM) offerings with new datacenters located in the European Union and plans for regional expansion in the Asia Pacific region. nShield cloud HSM integrates with the most widely used applications and cloud services to support a broad range of use cases including protecting certificates, PKI, database encryption, code signing, digital signing, blockchain and many more.
Entrust nShield as a Service was initially launched in 2019 with datacenters located in the UK and the US. Entrust is now expanding its service with the official opening of multiple datacenter locations in Germany, and plans to open datacenters in Australia in early 2022. This will enable customers in these regions to take advantage of nShield cloud HSM for their applications while geo-fencing their critical cryptographic keys within their own jurisdictions to respond to concerns regarding data sovereignty and facilitate compliance with regional data protection regulations. The use of multiple sites within the countries also helps customers to meet high-availability and disaster recovery requirements. Entrust nShield as a Service delivers the same functionality as on-premises nShield HSMs, in a subscription-based solution. As such, nShield as a Service enables the generation, access, and protection of cryptographic key material using dedicated FIPS 140-2 Level 3 and Common Criteria EAL4+ certified nShield HSMs, without the need to host and maintain the appliances.
“Today’s enterprises are moving more of their core business applications to the cloud. The expansion of nShield as a Service into new datacenters facilitates geo-fencing to help meet cloud data security, data sovereignty mandates and regulatory compliance,” said Cindy Provin, Senior Vice President and General Manager for Digital Identity and Data Security at Entrust.
Whether embarking on a complete or selective cloud migration, nShield as a Service makes it easy to implement a cloud-first, hybrid, and multi-cloud encryption strategy that enables consistent enforcement of security policies. Entrust nShield as a Service works in unison with the major cloud service providers (CSPs) including Microsoft Azure, Amazon Web Services (AWS) and Google Cloud, while giving customers flexibility, visibility, and control of their cryptographic keys throughout their lifecycle. With this level of control, customers can migrate to the cloud with the assurance that they can also keep an on-premises environment running for specific regulatory needs.
“Beyond compliance aspects, modern application teams are also increasingly tapping into cloud-based services as part of their development and deployment processes,” added Provin. “This business shift runs into tension when applications rely on HSMs, which have primarily been on-premises devices that require attention from high-skilled personnel. As organizations consider future security requirements, they increasingly look for tools that align with their specific hybrid and multi-cloud model. The expansion of nShield as a Service, which is part of an Entrust global outreach, addresses the security needs of cloud markets worldwide. The new datacenter locations will also enable Entrust to expand its other cloud-based service offerings, across the regions.”
Entrust nShield HSMs are among the highest-performing, most secure and easy-to-integrated HSM solutions available, facilitating regulatory compliance and delivering the highest levels of data and applications security for enterprise, financial and government organizations, by generating, safeguarding, and managing cryptographic keys on behalf of applications. The unique nShield Security World key management architecture enforces important separation of duties with dual controls that segregate security functions from administrative responsibilities. A secure execution environment also enables customers to run sensitive application code within the secure hardware boundary whether deploying on premises or as a service.