SafeNet Crypto Hypervisor Whitepaper
SafeNet Crypto Hypervisor
The World's First Crypto Hypervisor
Deliver on-demand elastic crypto services - in minutes, not days
The SafeNet Crypto Hypervisor revolutionizes the delivery of encryption. IT departments can now deliver on-demand, elastic crypto services for data protection—in minutes, not days.
For the first time, high-assurance encryption services fit the cloud operations model. Now the full cost and innovation advantages of virtualization can be exploited without compromising security or compliance. IT maintains full, centralized control of the delivery of encryption services such as key vaulting. Users have full control of their cryptographic resources knowing that other tenants and administrators cannot access their encryption keys.
Crypto Hypervisor is built on the proven hardware security module (HSM), SafeNet Luna SA, and is managed by the Crypto Command Center provisioning tool.
The Benefits of Cryptography as a Service
It is common to deploy encryption for the protection and compliance of sensitive and personal information. The security level of any encryption solution often comes down to the security of the encryption keys. Storing the keys in special-purpose hardware, such as a Hardware Security Module (HSM), is recommended by experts as a best practice. However, until now hardware encryption solutions have not provided the agility and flexibility needed in virtualized and cloud environments. Rolling out a virtual application that requires encryption, signed digital certificates, or other PKI functions can often add days or weeks to a project.
Enter Crypto Hypervisor. The first high-assurance key vaulting solution built for the cloud operational model. Enterprises can consolidate all their key vaulting and PKI services by moving away from physical HSMs to virtualized HSMs using a Crypto Hypervisor. Service Providers can add high-value key-vaulting and PKI services to their hosted and cloud offerings that allow them to administrate the HSMs but never access their customers’ keys.
Dramatic cost savings. Not only can your hardware requirements be reduced by as much as 95%, but SafeNet’s automation processes save hours of work for each cryptographic resource.
Simplified management and administration. Self-service and encryption “catalogs” mean that crypto expertise isn’t required for crypto rollouts anymore.
Fewer security gaps. Centralized crypto expertise results in security and encryption policies that are enforced consistently across the enterprise.
Simplified audit. Centralized control and tamper-proof audit logs save time when proving governance and compliance and when completing forensic analysis.
Fast rollout. Now an enterprise can implement encryption in a new application in minutes, not hours.
Proven. Built on the market-leading SafeNet Luna SA HSMs, which currently provide protection for over $1 trillion in daily financial transactions.
Innovations in the Crypto Hypervisor
As a leader in the security market, SafeNet is focused on bringing strong, innovative security solutions to next-generation environments like the cloud. The Crypto Hypervisor represents the culmination of years of research and development:
Crypto Command Center. With this management interface, administrators can manage hundreds of virtual HSMs and publish a list of on-demand, catalog-based crypto resources for their users. This catalog is on a web page that is easy to navigate. Users are offered only the services that they have permission to create.
Virtualized crypto hardware. The Crypto Hypervisor abstracts HSMs into many dynamic crypto resources that maintain access controls and user experience as if each resource were a dedicated physical HSM. The Crypto Hypervisor supports a multi-tenant environment in which many organizations can leverage the same hardware without fear of keys being lost or stolen by other tenants. Even the admins can’t access the users’ keys.
Host Trust Links (HTL). Technology securely binds virtual applications to dynamic crypto resources—so the encryption service moves with the virtual machine, preventing many types of attacks and unauthorized cloning.
Separation of roles and responsibilities in multi-tenant environments. Users maintain access to their key material while the central authority sets overall security policies.