Managing Keys with Dedicated Hardware is Manual and Rigid
Virtualizing IT infrastructure is critical for supporting multi-cloud decentralized environments, controlling IT costs, providing operational efficiency and supporting business agility. Yet when it comes to key management, many organizations today rely on hardware-based implementations. This leads to lengthy, complicated, cumbersome and manual processes, from procurement to initial setup to ongoing maintenance, backup, etc. Peaks in demand are hard to meet, as any capacity increase requires additional dedicated and costly hardware that must be shipped and manually installed well in advance. High availability and disaster recovery further complicate the issue, requiring significant resources that aren’t necessarily available when your business needs them.
Agile, Automated and Secure Key Management
Unbound’s virtual HSM® (coupled with Unbound Key Control) solution enables elastic and flexible key protection. Leveraging breakthroughs in Secure Multiparty Computation (MPC) technology, keys are protected with hardware-grade, FIPS 140-2 Level 2 validated security while providing all the benefits of modern software. It requires minimal effort to set up, use and maintain in any on-premises and/or cloud environment and in a variety of application delivery models, including containers. Key and user management operations can be fully automated and orchestrated using the CLI or REST API, giving you the ability to scale up or down, create partitions and users, register clients and revoke keys immediately across your entire decentralized global infrastructure from a single pane of glass.
No dependency on underlying hardware and physical infrastructure.
Supports hybrid multi-cloud environments and application delivery models, including VMs and containers.
Scale key management infrastructure up and down instantly and cost-effectively support any number of workloads.
Supports PKCS11, KMIP, CNG, OpenSSL, Java Crypto, etc., as well as REST API and PII protection via tokenization and FPE.
FIPS 140-2 Levels 1&2 Validated, with Level 3 Design Assurance.
There’s more you can do with the Unbound NextGen vHSM®…
Check out our additional videos on how the Unbound NextGen vHSM integrates with Splunk, signs code in Visual Studio, enables certificate enrollment with Microsoft CA, and secures the transfer of keys in MongoDB via KMIP.
In this video, we’ll show you how to integrate Unbound Key Control (Key Management + the NextGen vHSM®) with a SIEM, in this case Splunk. This allows you to extensively audit cryptographic or administration events occurring in your security infrastructure, with dashboards detailing crypto usage over time, audit events for a specific use-case, or to highlight any anomalies.
In this video we’ll show you how Unbound Key Control (UKC) + the NextGen vHSM® can secure and manage your app-level encryption keys, and thus your applications’ sensitive and critical data.
In this video, we’ll show you how Unbound Key Control + the NextGen vHSM® can sign code in Visual Studio, and protect the associated code signing certificate allowing end-users to verify that the code was not tampered with.
In this video, we’ll show how you can protect your Microsoft CA root certificates from unauthorized access with Unbound Key Control (UKC) + the NextGen vHSM®. By protecting the root certificate’s private key, you can ensure that enrollment of Microsoft CA certificates for users, machines and services is in the right hands.
This video will show you how you can protect sensitive information in your MongoDB servers by securing and managing MongoDB encryption keys with Unbound Key Control (UKC) + NextGen vHSM®.
See how an eCommerce vendor scales up and down on-demand
A large eCommerce retailer is planning capacity for its website and preparing for peak events such as Cyber Monday, where website traffic is likely to grow by 40% or more compared to average days. Conscious of the severe threat of an SSL-certificate compromise, they use HSMs to secure their SSL certificate. Below is a comparison of the two capacity planning scenarios, one that uses HSMs and one that uses Unbound.
Hardware Security Module (HSM)
As website unavailability means immediate business loss for the retailer, and the HSM setup cannot be scaled to respond to demand within a reasonable timeframe, the website setup must include a large HSM cluster with the capacity to support 200% of average day traffic. This leads to very poor infrastructure utilization. Moreover, if an unlikely event happens requiring even more capacity, website availability will be impacted.
Unbound Key Control (UKC)
When using UKC to protect the SSL certificates, capacity planning is easy and inexpensive due to the elasticity created by abstraction of the hardware – without any compromise on security. UKC runs on standard VMs and containers, and is deployed and configured to scale up and down as needed, just like any other application. It scales up and down immediately, adjusting to the application requirements in time.