HSM Vendors

HSM Vendors We Support (Vendor-Neutral)

Why us: SafeCipher is vendor neutral. We design, deploy, and operate HSM estates across on-prem, cloud, and hybrid environments. We also extend/take over support contracts, negotiate new terms, and manage procurement (quotes, sizing, spares, RMAs, renewal co-terming, trade-ins/EOL refresh). Our engineers handle PKCS#11/CNG/JCE/KMIP integrations, FIPS 140-3 alignment, key ceremonies, HA/DR, and lifecycle ops.

On-Prem & Network HSMs

  • Entrust (nCipher) – nShield Connect
    Design and deploy Security World architectures, OCS/SO stores, and CodeSafe. Partitioning, HA/DR clusters, client libraries, firmware upgrades, and FIPS 140-3 migration. We broker renewals and new appliance procurement, including spares and licenses.
  • Thales SafeNet – Luna Network HSM
    STC/NTLS configuration, partitioning, PED/Blue PED ops, HA groups, and client toolchains. TR-31/Payments add-ons where applicable. We handle support extensions, RMAs, and Luna 7 refresh cycles.
  • Utimaco – SecurityServer Se Gen2
    Cluster design, simulator-to-hardware cutovers, key import/export workflows, and KMIP/PKCS#11 integrations. Procurement assistance for modules, licenses, and performance upgrades.
  • Futurex – Vectera Plus (strong in payments)
    EMV/PIN/DUKPT/3-D Secure use cases, TR-31 key blocks, issuer/acquirer integration, and audit evidence packs. We negotiate PCI PTS HSM-aligned support SLAs and manage version/firmware uplift.
  • Crypto4A – QxHSM
    Policy-centric deployments, quantum-aware roadmaps, and modern signing services. We assist with evaluations/PoCs, capacity planning, and supply logistics.
  • I4P – Trident HSM
    High-assurance deployments with dual-control workflows, application SDK integrations, and HA/failover patterns. We coordinate vendor support and hardware replacements.
  • Marvell – LiquidSecurity HSM
    High-throughput TLS/code-signing farms and validator/signing pools. We size clusters, integrate SDKs/drivers, and manage firmware lifecycles and spares.
  • Securosys – Primus X-Series
    Partitioned multi-tenant setups, remote HSM access (HSMaaS models), and Swiss-hosted compliance postures. We manage SLAs, upgrades, and procurement for growth.
  • Yubico – YubiHSM 2 (lightweight / embedded / edge)
    App-level key protection for servers/dev tools, audit logging, and secure boot/signing. We create rollout playbooks at scale and supply kits with support co-term.

Key Managers & Crypto Platforms

  • Atalla (HPE) – Enterprise Secure Key Manager (ESKM)
    Central key custody, KMIP clients, envelope encryption, and tokenization patterns. We migrate from legacy KMS, tidy up policies, and align support renewals with hardware refresh.
  • Fortanix – Data Security Manager (DSM)
    SGX-backed/services KMS/Tokenization/MAC, external key management for cloud services, and app integration via REST/KMIP. We handle subscription sizing, HA, upgrades, and proof-of-compliance packs.

Cloud & Managed HSM Services

  • Marvell via AWS CloudHSM – LiquidSecurity (AWS CloudHSM)
    VPC-attached clusters, PKCS#11/JCE/CNG clients, scaling and backup strategy, multi-AZ HA, and BYOK/HYOK patterns with KMS. We manage AWS contracts, quotas, and growth planning.
  • IBM – Hyper Protect Crypto Services
    Dedicated partitions with FIPS validation and hardware isolation. We integrate with IBM Cloud services, define HA/DR, and handle subscription/support alignment.
  • Thales via Azure Dedicated HSM – Luna 7 A790
    Dedicated single-tenant HSMs on Azure with NTLS/STC, partitioning, and workload mapping. We procure, deploy, and integrate with AKV, Confidential Computing, and logging.
  • Google Cloud – Cloud HSM
    Regional clustering, KMS integration, key import/wrap, and signer throughput tuning. We manage tenancy, quotas, and support tickets; design DR across regions.
  • Oracle Cloud – OCI Dedicated HSM
    HSM tenancy, OKMS integration, and OCI networking/HA patterns. We coordinate Oracle contracts and phased migrations from on-prem HSMs.
  • nCipher via Oracle Cloud – nShield as a Service
    Security World in the cloud, client tooling, and policy/OCS/SO management. We negotiate service terms, plan cutovers, and provide runbooks for incident response.

What We Handle (for every vendor above)

  • Procurement & Contracts: Pricing/quotes, vendor evaluations, PoCs, EOL trade-ins, co-termed renewals, SLAs (24×7/BH), spares and RMA logistics.
  • Deployment & Integration: Rack/host build, network hardening, PKCS#11/CNG/JCE/KMIP clients, app onboarding (PKI, TDE, code signing, payments, blockchain).
  • Operations & Support: Monitoring, capacity/perf tuning, firmware patching, CMVP tracking, backups/escrow, HA/DR testing, and audit-ready documentation.
  • Migrations & Upgrades: FIPS 140-2 → 140-3 transitions, vendor-to-vendor moves, on-prem ↔ cloud shifts, provenance-preserving re-wraps, and algorithm modernisation (TR-31, SHA-2+, EdDSA, PQ-readiness).

Bottom line

Whichever HSM or crypto platform you choose, we can help you buy it right, deploy it right, and keep it right—without locking you to a single vendor.