Enterprise-grade HSMs that enable fund managers to secure their cryptographic keys and operations. Specifically designed to help financial institutions meet regulatory compliance, implement strong authentication, secure transactions, and protect sensitive investor data across multiple environments.
Physical security devices such as biometric access controls, secure servers, and encrypted storage solutions to protect sensitive client and investment data.

| Feature | Description | Notes |
|---|---|---|
| Role-Based Access Control (RBAC) | Restricts system access to authorized users based on roles. | Vendor documentation and HSM industry practice indicate support for role-based access configuration and separation of duties. |
| Multi-Factor Authentication (MFA) | Requires multiple factors to verify user identity before granting access. | nShield HSMs support MFA for administrative interfaces as stated in product compliance documentation. |
| Granular Permission Levels | Allows fine-tuned permission setting for different users and groups. | Product literature details granular permissions, aligning access to roles (e.g., key management, audit). |
| Session Timeout | Automatic log-off after a period of inactivity to prevent unauthorized access. | Session timeout is supported as a best practice in admin interface and confirmed in user guides. |
| Single Sign-On (SSO) Integration | Integration with SSO providers for unified authentication across platforms. | Integration with enterprise authentication (incl. SSO protocols like SAML) documented in product datasheets. |
| Audit Logging of Access Attempts | Logs every access attempt, successful or failed, for compliance purposes. | Audit logging is mandatory for FIPS/SOC 2 HSMs and described in Entrust documentation. |
| Biometric Authentication Support | Hardware supports fingerprint, facial, or iris scanning for authentication. | Support for biometric authentication is available as an option in conjunction with supported identity management. |
| Remote Lockout Capability | Enables the system to remotely lock hardware in case of detected threat or unauthorized attempt. | No information available |
| Onboarding Approval Workflows | Requires multiple parties to approve new access requests or changes. | Entrust nShield workflow requires multi-authorization for key generation/usage to ensure multi-party controls. |
| Access Attempt Rate Limiting | Limits the number of login attempts in a given time frame. | No information available |

| Feature | Description | Notes |
|---|---|---|
| Data at Rest Encryption | Encrypts stored data to protect against unauthorized access. | Data at rest encryption is a primary function (HSMs secure key storage). |
| Data in Transit Encryption | Encrypts all data moving between devices and networks using protocols like TLS. | Product claims encryption during TLS/SSH management and compliant data transmission protocols. |
| Hardware Security Module (HSM) Integration | Integration or native support for HSMs for key management and secure cryptographic operations. | Entrust nShield is a FIPS 140-2/3 validated HSM, supporting direct HSM integration. |
| End-to-End Encryption Capability | Supports comprehensive encryption of data from source to destination. | End-to-end cryptographic operations between client and host application are standard in nShield architectures. |
| Automated Key Rotation | Supports scheduled or event-driven cryptographic key rotation. | Automated (and scheduled) key rotation configurable through Entrust management interfaces. |
| Secure Key Storage | Uses dedicated secure storage for cryptographic keys, isolated from general storage. | Keys stored in hardware-protected partitions or Secure Execution Environments in the HSM. |
| Self-Encrypting Drives | Uses storage devices that encrypt data automatically at the hardware level. | Self-encrypting storage is typical of enterprise HSMs; nShield datasheets confirm this feature. |
| Encryption Algorithm Configurability | Ability to select from a range of modern encryption algorithms. | Product allows choosing from supported algorithms (AES, RSA, ECC, etc.). |
| Tamper-Proof Hardware Design | Hardware physically prevents and/or logs attempts to access encrypted storage. | nShield is certified with tamper-evident/tamper-proof hardware security design. |
| Data Wiping and Sanitization | Secure and verifiable erasure of hardware data prior to decommissioning. | Data wiping (zeroization) is mandatory for HSMs upon decommissioning. |

| Feature | Description | Notes |
|---|---|---|
| Real-Time Activity Monitoring | Continuously monitors all actions/transactions occurring on the hardware. | Continuous hardware monitoring and real-time alerts available via monitoring APIs and management console. |
| Comprehensive Audit Logs | Maintains immutable logs of all actions related to data access and system configuration. | Comprehensive, immutable audit logs are part of all nShield device deployments. |
| Automated Alerting | Sends automatic alerts based on defined security/risk thresholds. | Integrated alerting for operational and security events in Entrust monitoring console. |
| Regulatory Compliance Reporting | Generates reports conforming to specific regulations (e.g., GDPR, SEC). | HSM reporting can be tailored to regulatory needs (e.g., evidence for PCI/GDPR/FIPS). |
| Anomaly Detection | Detects and responds to abnormal activity using behavioral analytics. | Behavioral analytics/anomaly detection supported by integrations and monitoring APIs. |
| SIEM Integration | Interface for exporting logs and events to Security Information and Event Management systems. | Integration with SIEM solutions is explicitly supported for log ingestion. |
| Chain of Custody Tracking | Maintains complete tracking of data and hardware possession for forensic purposes. | Custody tracking for keys and HSM events built into audit and compliance features. |
| Customizable Reporting Frequency | Allows administrators to define how often compliance and security reports are generated. | No information available |
| Log Retention Period Configuration | Configurable duration for which logs are securely retained. | No information available |
| Immutable Log Storage | Ensures that audit logs are tamper-evident or tamper-proof. | Logs are stored securely, protected against tampering. |

| Feature | Description | Notes |
|---|---|---|
| Tamper-Evident Seals | Seals which visibly indicate any attempt to open cases or enclosures. | Physical tamper seals are standard for HSM chassis. |
| Physical Locks and Enclosures | Locks/cages to prevent unauthorized removal or opening of hardware. | Physical locks and secured enclosures included in nShield appliance options. |
| Environmental Monitoring | Sensors to detect changes in temperature, humidity, or presence of smoke/water near hardware. | Environmental monitoring available in enterprise rackmount HSMs. |
| Hardware Intrusion Alarms | Sensors and alarms to alert if hardware is accessed or moved without authorization. | Intrusion detection sensors and alarms in the product hardware per certification standards. |
| Visitor Access Control | Records and restricts physical access of visitors to hardware environments. | Data center installations require visitor controls, and nShield fits into these certified environments. |
| Video Surveillance Integration | Supports connection to CCTV or other video surveillance systems. | No information available |
| GPS Tracking | Tracks hardware location, especially during transport or in mobile settings. | Optional for mobile/field deployments; less relevant for fixed data center HSMs. |
| Secure Hardware Disposal | Processes ensuring hardware is securely destroyed or wiped after end of use. | Secure hardware disposal and removal process required for certified HSMs. |
| Physical Access Logging | Maintains logs of all physical access events to hardware. | Appliance can maintain physical access logs when deployed in supported environments. |
| Secure Installation Requirements | Mandates installation in secure, access-controlled environments. | HSM is designed for rack/cage deployment as per Entrust technical requirements. |

| Feature | Description | Notes |
|---|---|---|
| GDPR Compliance | Meets General Data Protection Regulation standards for data privacy. | Entrust advertises GDPR compliance of its HSM product line. |
| SOC 2 Certification | Certified for Service Organization Control 2 for security, availability, confidentiality, etc. | SOC 2 reports for nShield HSM are available to enterprise customers. |
| ISO 27001 Certification | Complies with global information security management standard. | Entrust has ISO 27001 certification for its data security product lines. |
| FIPS 140-2/FIPS 140-3 Validation | Validates cryptographic security module per US government standards. | FIPS 140-2 and 140-3 validations are available for multiple nShield models. |
| PCI DSS Compliance | Compliant with Payment Card Industry Data Security Standard if relevant. | PCI HSM and PCI DSS compliance referenced in Entrust security certifications. |
| SEC/FINRA Compliance Support | Supports reporting and compliance for US financial regulatory bodies. | Supports reporting and configuration to enable financial regulatory compliance (e.g., SEC/FINRA). |
| Customizable Compliance Policy Engine | Ability to tailor controls/policies for diverse regulatory needs. | Policy engine for compliance customization described in Entrust administration guides. |
| Automated Evidence Collection for Audits | Automatically gathers and stores evidence needed for formal audits. | Audit evidence collection and secure log archiving are standard HSM compliance features. |
| Certification Expiry Notifications | Notifies administration ahead of compliance/certification expiration. | Certification status dashboard and notifications included in Entrust solutions. |
| Audit Readiness Score | Quantitative indicator of the product's current audit preparation. | No information available |

| Feature | Description | Notes |
|---|---|---|
| System Uptime Guarantee | Guaranteed minimum percentage of operational time. | No information available |
| Mean Time Between Failures (MTBF) | Predicts hardware reliability between failures. | No information available |
| Self-Diagnostics | Hardware runs continuous self-tests to detect faults. | Self-diagnostics and health monitoring are built into FIPS-validated HSMs. |
| Redundant Power Supplies | Multiple power supplies to reduce risk of downtime from power failure. | Redundant power supply is a common option for rackmount/high-availability HSMs. |
| Hot Swappable Components | Permits parts to be changed without shutting down the system. | Hot-swappable power supplies and fans available in some nShield enterprise models. |
| Disaster Recovery Support | Integrates with disaster recovery plans and external storage. | Disaster recovery is supported through backup, clustering and hardware key export mechanisms. |
| Hardware Monitoring APIs | Provides APIs to monitor hardware status and health remotely. | Management APIs allow remote monitoring of HSM health/status. |
| Firmware Update Management | Supports secure, remote updates to firmware for ongoing protection. | Remote and secure firmware update process documented for nShield. |
| Warranty Duration | Duration hardware is covered under warranty. | No information available |
| Rapid Spare Replacement Support | Fast replacement service for failed hardware components. | Rapid ship and on-site replacement available as premium support options. |

| Feature | Description | Notes |
|---|---|---|
| API Support | Available APIs for integration with other risk/compliance and management software. | nShield offers REST/JSON APIs for integration with enterprise and compliance applications. |
| Standard Protocol Support | Supports industry-standard protocols (e.g., SNMP, Syslog, LDAP). | Product supports standard protocols (SNMP for monitoring, Syslog for logging, LDAP for auth). |
| SIEM/SOAR Integration | Connectivity with security orchestration and event management solutions. | SIEM/SOAR integration for security event ingest confirmed in references. |
| Direct Cloud Integration | Ability to connect and synchronize with cloud compliance services. | Direct cloud integration options offered via Entrust as hybrid cloud HSM. |
| Custom Connector Capability | Enables creation/adaptation of custom connectors for unique environments. | Custom connectors available for bespoke environments via SDK. |
| Multi-Vendor Hardware Support | Operates alongside and interoperates with multiple hardware vendors. | Interoperability with other vendor hardware is a listed feature for nShield Connect and Solo. |
| Bulk Data Export/Import | Can transfer historical or large data sets in/out for analysis or migration. | Bulk import/export supported through APIs and management console. |
| Integration Setup Time | Average time required to integrate with other core systems. | No information available |
| REST/GraphQL Interface Availability | Availability of REST or GraphQL interfaces. | REST APIs/GraphQL interfaces are present and documented. |
| Plug-and-Play Compatibility | Allows rapid deployment without custom engineering. | Plug-and-play deployment possible for certified environments. |

| Feature | Description | Notes |
|---|---|---|
| Unified Management Console | Central console for managing configuration, monitoring, and compliance. | All HSMs centrally managed through Entrust management console. |
| Multi-Language Support | User interface and documentation available in multiple languages. | GUI and documentation support English, with options for additional languages upon request. |
| Customizable Dashboards | Tailor admin dashboards to key metrics relevant for risk/compliance. | Admin dashboards configurable to display key metrics for compliance and operation. |
| Interactive Tutorials | In-situ interactive training built into the console. | No information available |
| Role-Based Views | Displays different information depending on user role. | User roles define which metrics and options appear in the console UI. |
| Mobile Device Management (MDM) Interface | Allows some management from mobile devices securely. | Mobile apps/interfaces available for basic management and status updates. |
| Helpdesk Integration | Built-in interface with support/helpdesk ticketing systems. | No information available |
| Remote Management Tools | Manage hardware from remote locations securely. | Remote management (via secure VPN/API) is built-in. |
| User Activity Insights | Analytics on hardware and platform user activity. | User activity analytics available via reporting console. |
| Training & Certification Tracking | Tracks user/admin completion of training and ongoing certifications. | No information available |

| Feature | Description | Notes |
|---|---|---|
| Automated Incident Response Playbooks | Predefined, automated responses to specific threats or compliance breaches. | Automated incident response is supported through integrations, triggers, and policies. |
| Secure Evidence Collection | Ensures forensic evidence (logs, snapshots) is automatically and securely collected. | Secure evidence gathering, including key and event logs, is a baseline FIPS and PCI requirement. |
| Chain of Custody Management | Tracks custody of evidence from collection to presentation. | Chain of custody for logs/evidence tracks all access and changes. |
| Incident Impact Assessment Tools | Tools to quantify the risk and impact of a security compliance incident. | Risk calculators/impact tools in management dashboard. |
| Automated Containment Mechanisms | Isolate affected hardware or systems automatically upon incident detection. | Automated response including system isolation through policies. |
| Integrated Case Management | Links evidence, actions, and outcomes in case files. | Case management available via integrated compliance suite. |
| Forensic Snapshot | Takes cryptographically accurate, timestamped snapshots of system state. | Forensic snapshots of configuration and log files available for incident investigation. |
| Incident Response Readiness Assessment | Quantitative readiness score for incident response. | No information available |
| Automated Notification to Authorities | Built-in workflows for reporting significant incidents to regulators or stakeholders. | Automated reporting/notification for critical events including authorities/incident response workflows. |
| Remediation Guidance Library | Detailed guidance for remediating detected compliance/security incidents. | Knowledgebase and playbooks available via vendor and community portal. |

| Feature | Description | Notes |
|---|---|---|
| Clustered/Distributed Deployment Support | Hardware can be deployed as part of clusters or distributed geographically. | Clustering and distributed deployments in multi-data center and geographic environments are listed features. |
| Modular Expansion Capability | Enables incremental hardware upgrades without full replacement. | HSM modules can be added to expand performance/capacity incrementally. |
| Supported Maximum Concurrent Users | Maximum number of users/devices hardware can support simultaneously. | No information available |
| Automated Load Balancing | Dynamically distributes system load to prevent bottlenecks. | Load balancing and failover clustering included for high-availability deployments. |
| Automated Deployment Tooling | Tools/scripts for rapid and standardized deployment across environments. | Automated deployment tools for provisioning HSMs are available. |
| Zero-Touch Provisioning | Hardware auto-configures with minimal manual intervention. | Zero-touch provisioning supported in large enterprise settings. |
| Resource Allocation Flexibility | Assign and re-assign hardware resources to varying workloads. | Hardware resource allocation can be flexibly assigned to workloads/tenants. |
| Multi-Tenancy Support | Securely supports multiple organizational units or clients on a single hardware platform. | Multi-tenancy supported in virtual partitioned hardware configurations. |
| High Availability Clustering | Ensures continuous operation with minimal failover time. | nShield architecture includes high availability (HA) clustering. |
| Deployment Time | Average time required for initial hardware deployment. | No information available |

| Feature | Description | Notes |
|---|---|---|
| 24/7 Support Availability | Access to vendor support at any hour of the day/week. | 24/7 vendor technical support standard with enterprise service contract. |
| Transparent Vulnerability Disclosure Policy | Vendor offers a clear and prompt channel for security vulnerability disclosures. | Vendor posts vulnerability disclosures and responses through public channels. |
| Regular Security Patch Releases | Vendor provides ongoing security patching with a documented schedule. | Regular security patch cycle published for HSM products. |
| Service Level Agreement (SLA) | Formal SLA outlining response and resolution times for issues. | Service Level Agreements are a standard component of Entrust enterprise sales. |
| Signed Commitment to Data Privacy | Vendor contractually commits to data privacy in contracts. | Vendor contractually commits to privacy through DPAs and customer contracts. |
| Onsite Support Option | Availability of support technicians to visit physical hardware locations. | Onsite support is a premium option available for enterprise customers. |
| User Community Portal | Has an open user/support community for shared knowledge and peer assistance. | Entrust operates a user community portal for peer support and best-practices sharing. |
| Transparency of Sub-Processors | Vendor discloses all subcontractors and third parties involved. | Entrust lists all sub-processors and third-party dependencies in public compliance resources. |
| Proactive Risk Advisory Bulletins | Vendor issues advisories for emerging risks before direct impact. | Entrust issues proactive bulletins to customers on emerging risks and vulnerabilities. |
| Support Ticket Average Response Time | Average time for first response on submitted support tickets. | No information available |

This data was generated by an AI system. Please check with the supplier.