Crypto Service Gateway allows businesses to deliver HSM Cryptography as a Service. Gone are the days when each business application managed its own security policies, encryption keys, crypto hardware and compliance requirements. With CSG, you have complete overview and control of your organization's cryptographic hardware, policy enforcement, logging & auditing and key management.
The CSG provides your business with an infrastructure which acts as a central control center for all your HSMs. The CSG helps ensure the very best in availability and performance of your HSMs. It will securely, transparently and efficiently distribute crypto tasks between all available HSMs, regardless of vendor.
The CSG’s central admin client allows administrators to more effectively and efficiently do their job. A maintenance operator can easily disable or add an HSM in a few clicks with zero downtime to the applications calling the CSG.
In addition to the management abilities given to operators, the CSG provides a detailed monitoring interface to distill the essential information needed to keep the infrastructure and HSMs in good standing. This data allows operators to not only monitor the status of the entire system but also the health and activity on individual HSMs.
CSG allows security teams to regain control of crypto and reduce the risk of attack. CSG uses a central policy file in a similar way to a set of firewall rules - unless something is explicitly allowed it's forbidden. Security teams can grant applications just enough privilege to complete their necessary functions.
The policy file is also the place where security parameters are configured. Each permitted crypto operation is restricted to a certain mode of operation, padding, key algorithm, key-size and so on. The Security team now has full control over the parameter choices. Through the policy file, it's much easier to audit these settings when they all reside in one location.
Additionally, a centralized policy gives the security team much greater agility: it can make sweeping changes to parameters without touching the affected application’s code at all, since the policy abstracts the parameters away from the API call.
CSG produces signed audit logs that capture every crypto operation and administrative change performed by the system. In addition to making demonstrating compliance a breeze, this detailed data capture can also allow itemized billing of crypto usage.
A fundamental part of using cryptography within any company is proper key management. At Cryptomathic we split this into two parts:
1. Key Management – Managing the actual lifecycle of keys: generation, import, export, etc.
2. Key Usage – Controlling who can use the key and how they can use it
For Key Management, CSG gets the help of its sister product CKMS which provides best-in-breed key management. More details on this can be found in the “How it works” section and on the CKMS product pages.
Once keys have been provisioned from CKMS, the CSG will control the usage of these keys through its policy file. As mentioned above, only permissions explicitly stated in the policy are allowed. This gives applications zero possibility to use keys they are not allowed to use or to use them in the wrong way. The CSG controls key
At the leading edge of security provision within its key markets, Cryptomathic closely supports its global customer base with many multinationals as longstanding clients.