OVHcloud Managed HSM

What's an HSM?

A Hardware Security Module (HSM) is a dedicated, tamper-resistant hardware appliance designed to securely store, manage, and use sensitive cryptographic keys. They are commonly used in high-security or regulated environments, such as finance, government, and healthcare, where data protection is paramount. By providing a secure, certified and isolated environment for sensitive data, HSMs help prevent unauthorized access, tampering, and data breaches while allowing your infrastructure to be compliant with the highest compliance requirements.

OVHcloud HSM offers

OVHcloud is introducing a range of HSM offers to cater to different customer needs. Our HSM offerings include:

• Shared HSM: A mutualized, fully managed by OVHcloud HSM solution.
• Managed HSM: A dedicated HSM partition with high availability managed by OVHcloud
• Dedicated HSM: A dedicated HSM appliance for customers with the highest compliance requirement 

Discover OVHcloud Managed HSM

With OVHcloud Managed HSM, you can access to your own cluster of HSM partitions.
Manage your keys directly on the HSM using our dedicated CLI, and let OVHcloud handle HSM initialization and key replication across multiple partitions.

Key Benefits:

• Choose the primary location of your HSM partition and replica location.
• Manage high volumes of cryptographic keys with a high number of operations per second.
• Dedicated CLI for key management and PKCS#11 driver for product integration.
• Automated replication across multiple HSM partitions.

Simplified Management:
Focus on cryptographic key management without the hassle of configuring the HSM itself. Initialization, high-availability and monitoring is fully managed by our dedicated team.

The roadmap for OVHcloud Data Security is available on GitHub: https://github.com/orgs/ovh/projects/16/views/11
 

HSM Vendor Selection

At OVHcloud, we prioritize sovereignty by partnering exclusively with European vendors that meet the highest security standards, including EAL4+ and FIPS 140-2 level 3 certifications. To ensure maximum flexibility and control, we've designed our system and infrastructure to be vendor-agnostic.
For the initial deployment of our Managed HSM offer, we've selected Thales Luna HSM as our partner in the first regions to be rolled out. 

How does it work?

Direct usage of HSM partitions

Manage your cryptographic keys by directly interacting with the HSM cluster. OVHcloud provides a PKCS#11 driver and CLI to integrate your product with the HSM cluster for encryption or signing.

Simplified HSM Management

Create your HSM cluster and choose all the region where you want to have a partition. 3 partitions on all Paris's AZ ? or 1 partition in Erith and 1 partition in Limburg? it's completely up to you.
Locate your partitions close to your workload, and let OVHcloud handle the replication of all cryptographic assets across the cluster.

Communicate with the closest HSM Abstraction Layer of your workload to access to your Managed HSM cluster. The HSM Abstraction Layer enables us to abstract the complexity of managing the HSM, allowing us to remain completely vendor-agnostic. This means that you can use our PKCS#11 driver without worrying about the underlying HSM vendor or technology.

Integration with OVHcloud products

Use your Managed HSM as a backend when creating a key with OVHcloud KMS. This way, all OVHcloud products compatible with OVHcloud KMS can use this key, ensuring that it's safely stored on your own Managed HSM.

What’s next on the roadmap?

Upcoming features:

• Dedicated HSM: Dedicated appliance for highest compliance requirements

Subscribe now!

Stay informed about the next OVHcloud Managed HSM releases: