HSM/Key Management-as-a-Service
Customer Problem
Crypto Hypervisor as a Solution
 Perimeter security solutions are no longer
effective at preventing a breach.
 The Crypto Hypervisor , the platform for HSM/KM as
a Service, delivers the security of hardware-based
encryption with the scale, unified control, and
agility to meet the demands of cloud and virtual
infrastructure.
 Encryption works, but not all encryption is
created equal. An encryption solution is only as
good as the protection of the encryption keys,
key management and trust establishment between
applications, devices, data and users.
• Organizations are adopting a cloud strategy:
private, public or hybrid that is exasperating their
security and compliance concerns because they
can’t control their data.
 CHv meets the rigorous requirements of enterprise
customers that need to protect information that
matters, where it matters and satisfies the
demands of solution providers that want to extend
their security solution offerings.
 HSM/KM-as-a-Service revolutionizes the delivery
of encryption so that it is an enabler and
accelerator to virtualization and cloud adoption.
IT departments and service providers will be able to
establish on-demand crypto services across
datacenters, virtualized infrastructures, and the
cloud that are deployed in minutes, not days.
New Features in CHv
• Crypto Command Center
GUI Interface and Provisioning Tool
• Host Trust Links
Enhanced NTLS for strong VM to HSM Binding
• Who/What/When Audit and Log
Robust audit and logging capabilities with separate
user and auditor roles.
Target Profiles
Security Architects
Compliance Officer
CISO
IT Directors
BU Directors
Advantages
 The Strongest Security Available: The Crypto Hypervisor technology , the platform for delivering HSM/Key
Management-as-a-Service is an extension to SafeNet FIPS 140-2 Level 3 validated Hardware Security Module
(HSM) platform
 Scale: The Crypto Hypervisor creates a virtualization layer inside the HSM enabling many different organizations
to deploy high assurance key vaults on the same unit without compromising its validated security level.
 Unified Control with Auditing: The Crypto Hypervisor has a single management interface called the Crypto
Command Center (C3). C3 can manage hundreds of independent virtualized HSMs running on the Crypto
Hypervisor enabled HSMs..
 Agility: For the first time, a catalog of encryption services can be defined by the centralized administration team.
New services that used to take days to weeks to deliver can now be enabled within minutes.
Competitive Analysis –How do we stack up against the competition today?
•
•
•
•
First Hardware Security Module to support the Crypto Hypervisor.
Strongest protection of encryption keys – keys always remain in hardware!
Purposefully designed for Virtual Applications – only HSM able to bind VMs to partitions (Host Trust Links).
Only HSM-based solution that can establish Crypto-as-a-Service in enterprise AND service provider
environments.
SAFENET INTERNAL & AUTHORIZED PARTNER USE ONLY
CHEAT SHEET
4.1.13
HSM/Key Management-as-a-Service
Customer Engagement Starters
Are they using Virtualization or Cloud?
• Consolidated DC/Virtualization
• Private Cloud
• Pub Cloud
CyberSec Vulnerabilities and Breaches
• Is the customer, their competitor, or someone in their related industry in the news?
• Bad news?
• Negative press, breach related?
Do they have Audit and Compliance considerations?
• Do they have security audits planned?
• Do they have compliance considerations?
Do They Use PKI today?
• What for?
• New Solution initiative?
• Whose PKI?
The Crypto Hypervisor Bundle
Crypto Hypervisor
SafeNet Luna SA 5.2
SafeNet PED II
SafeNet Luna G5
Qualifying Questions
1.
2.
3.
4.
Does your infrastructure consist of costly “security islands” that create management challenges and make
compliance difficult?
Are you considering expanding your use of encryption?
Would you be interested in a solution that offers the same level of security as an HSM, with the scalability,
agility, and control of a Hypervisor?
Have you considered establishing Crypto-as-a-Service within your organization?
Objection Handling
• Too expensive!
• Compared to what? Is security processing required in other areas of your business? Crypto Hypervisor can
be shared across many applications!
• Have you considered the management costs of your security environment? Crypto Hypervisor makes
management a snap!
• How much revenue are they going to make with this solution in place?
• Have you ever calculated how much it would effect your business if your server keys were compromised?
• Software solutions are good enough!
• How will you protect yourself against an internal attack? How will you know you have been compromised?
• How will you meet industry or regulatory audits?
• How will you manage server performance as demand grows on your network?
• What would happen if your employees decided to steal your server keys?
• What would happen if your root keys were lost completely or destroyed?
• We do not require an audit of our systems!
• If someone questioned your design, would it be useful to be able to justify your solution based on industry best
practices?
SAFENET INTERNAL & AUTHORIZED PARTNER USE ONLY
Available Marketing Resources:
Product Briefs:
• Luna SA
• Crypto Hypervisor
Whitepapers:
• Crypto Hypervisor
• Crypto Command Center
• Host Trust Links
Videos:
• CHv YouTube Video
• CCC On Demand Demo
PowerPoint:
• CHv Sales Deck for Customers
CHEAT SHEET
4.1.13