Frequently asked questions

Here you will find key questions that some of our customers have inquired about.
¿Qué es el HSM Cloud by CEGA Security?
HSM Cloud by CEGA Security es un servicio que permite realizar operaciones criptográficas de una forma escalable, lo cual permite que no tengas que comprar un dispositivo, sino que simplemente, configuremos el cliente para que puedas empezar a utilizar el HSM as a Service. El objetivo principal es el resguardo de llaves criptográficas para proteger la seguridad de la información. Los Hardware Security Modules que utilizamos para nuestro servicio HSM en la nube, están certificados con los más altos niveles internacionales de seguridad, como lo es la Certificación FIPS 140-2 nivel 3, y están resguardados en centros de datos mexicanos de nivel Tier IV y Tier V, mismos que pueden, bajo previo aviso, ser auditados. De ser necesario, un miembro de CEGA Security te acompañará en el proceso de auditoría.

The HSM Cloud by CEGA Security maximizes the power of the HSM to optimize and distribute resources in a secure manner, which makes it easier for us to scale our service based on the needs our customers may have. It allows implementation in shorter amount of time compared to traditional HSM devices.

Nuestro HSM Cloud se distingue por ser una solución innovadora, auditable y a la medida, que pudiera ser utilizada para diferentes casos de uso, como, por ejemplo: Facturación Electrónica, Infraestructura PKI, Code Signing, Firma Digital, Timestamp, Encripción de Datos, entre otros.

¿Qué es un Hardware Security Module?
Un Hardware Security Module, mejor conocido como HSM, es un dispositivo criptográfico basado en hardware, con los más altos niveles de seguridad, cuya función principal es almacenar y proteger las llaves criptográficas sensibles de cualquier usuario, aplicación o sistema operativo. Estos equipos permiten procesar operaciones criptográficas de manera segura, controlando el acceso y distribución de la información más sensible, es por eso que la función del HSM es imprescindible dentro de la seguridad de la información.
¿Qué puedo hacer con el HSM Cloud by CEGA Security?
Nuestro servicio de HSM Cloud by CEGA ha tenido un gran éxito por su facilidad de integración, confiabilidad y rendimiento para Proveedores de facturación electrónica, firma digital y prestadores de servicios de confianza. Es ideal para Proveedores de Facturación Electrónica (PAC, PCCFDI, OSE)

También podemos realizar firmas digitales, encripción y desencripción de datos, verificación de firmas, firmado de PDFs, firmado de código, almacenamiento de llaves para alguna CA, Infraestructura PKI, entre otros casos de uso.

How does the HSM Cloud by CEGA Security work?
The connection to our service is done through a secure message, with which at CEGA Security, we filter the access(es) of each client, and once we establish communication, our service automatically initiates a balance between one or more HSM devices ensuring that everything is balanced in an efficient manner.

Para llevar esto a cabo, se establecen políticas de seguridad desde los servicios del cliente hacia los HSMs de CEGA Security, habilitando un entorno de pruebas y ofreciendo a nuestros clientes código de rápida integración, validando en poco tiempo la funcionalidad como cualquier otro módulo criptográfico. Se integran a la infraestructura del cliente las configuraciones necesarias para realizar las pruebas y verificaciones de servicio antes de lanzar a producción. Una vez en producción, nuestros especialistas monitorean el óptimo funcionamiento de su servicio sin comprometer la seguridad de sus llaves y certificados.

CEGA Security personnel DO NOT have access at any time to your cryptographic keys or information. The service is constantly monitored to ensure service availability. This monitoring is done 24/7 from our Headquarters Operation Center in Mexico, by trained engineers with extensive experience in HSM implementation.

Our specialists will help you or be up and running efficiently in just a few days, so that you can focus 100% on your business. In the event that you require greater capacity, our infrastructure will be fully scalable for any period of time that is required.

HSM Cloud by CEGA Security has support in English and Spanish

How does the HSM Cloud by CEGA Security work?
The connection to our service is done through a secure message, with which at CEGA Security, we filter the access(es) of each client, and once we establish communication, our service automatically initiates a balance between one or more HSM devices ensuring that everything is balanced in an efficient manner.

Para llevar esto a cabo, se establecen políticas de seguridad desde los servicios del cliente hacia los HSMs de CEGA Security, habilitando un entorno de pruebas y ofreciendo a nuestros clientes código de rápida integración, validando en poco tiempo la funcionalidad como cualquier otro módulo criptográfico. Se integran a la infraestructura del cliente las configuraciones necesarias para realizar las pruebas y verificaciones de servicio antes de lanzar a producción. Una vez en producción, nuestros especialistas monitorean el óptimo funcionamiento de su servicio sin comprometer la seguridad de sus llaves y certificados.

CEGA Security personnel DO NOT have access at any time to your cryptographic keys or information. The service is constantly monitored to ensure service availability. This monitoring is done 24/7 from our Headquarters Operation Center in Mexico, by trained engineers with extensive experience in HSM implementation.

Our specialists will help you or be up and running efficiently in just a few days, so that you can focus 100% on your business. In the event that you require greater capacity, our infrastructure will be fully scalable for any period of time that is required.

HSM Cloud by CEGA Security has support in English and Spanish

From where can I access HSM Cloud by CEGA Security services? Can my application be found anywhere?
Puedes conectarte desde cualquier infraestructura, nube pública, privada o híbrida. CEGA Security establecerá las políticas de conectividad, para que, sin importar dónde te encuentres, puedas utilizar el servicio sin ningún contratiempo. Creamos enlaces seguros entre tu aplicativo y nuestra infraestructura para su procesamiento.

Puedes Implementar nuestra solución HSM en la Nube e integrar en: AWS, Microsoft Azure, Softlayer, Rackspace.

Does HSM Cloud by CEGA Security work as a Local HSM?
Sí, cada Hardware Security Module funciona como HSM local. Por lo cual, puedes tener un módulo criptográfico local y un HSM as a Service en tu red, pero no trabajando en conjunto. Podemos integrar el HSM Cloud by CEGA Security a diversas marcas de HSM. Ponte en contacto con uno de nuestros especialistas para conocer más sobre las marcas que integramos localmente.
How can my application use HSM Cloud by CEGA Security?
CEGA Security, as part of a comprehensive service, will provide you with the connection tools regardless of the programming language you use. We have connection tools for .NET, Java and PKCS11, which is a standard that can be used by any programming language. In addition, we have a test site in which you can validate the functionality even if the service isn´t in production.

El servicio llave en mano de Cega Security para HSM Cloud, resuelve todos los puntos de integración y cumplimientos necesarios para nuestros clientes.

Can I use multiple applications or services with a single HSM Cloud by CEGA Security account?
Yes. The HSM Cloud by CEGA Security service is billed according to the transactions made and based on the security needs of your infrastructure, not by the number of applications. A usage plan is contracted for a certain amount of transactions per minute, being able to use multiple applications and, if necessary, temporarily scale your service.
How can I start using the HSM Cloud by CEGA Security?
CEGA Security will provide you with both, access to a test environment and also code with which you will be able to connect and perform the necessary tests to validate connection to the service. One of our experts will accompany you at all times so that you can make your first transactions smoothly and with ease.
¿En qué HSM se basa el HSM Cloud by CEGA Security?
Utilizamos HSMs Utimaco, con Certificación FIPS 140-2 nivel 3, los cuales, cumplen con los más altos estándares en la industria.
Can I migrate from a different brand HSM to the HSM Cloud by CEGA Security?
No. Sin embargo, cuentas con todo nuestro apoyo para la generación de una nueva llave y los trámites necesarios con la autoridad, para que sea posible.
Here you will find key questions that some of our customers have inquired about.
General
What is HSM Cloud by CEGA Security?

It is an innovative, auditable and tailored solution that can be used for different cases, such as:

Electronic Invoicing, Digital Signature, PKI Infrastructure, Code Signing, Timestamp, Data Encryption, among others.

HSM Cloud by CEGA Security is a service that allows you to carry out cryptographic operations in a scalable way, which allows you to not have to purchase a device, but simply configure the client so that you can start using an HSM as a Service. The main objective is to safeguard the cryptographic keys to protect the security of the information. The Hardware Security Modules that we use for our HSM Cloud Service, are certified with the highest international levels of security, such as the FIPS 140-2 Level 3 Certification and are protected in Tier IV and Tier V Mexican data centers which can be audited. If necessary, a CEGA Security Team Member will accompany you throughout the audit process.

The HSM Cloud by CEGA Security maximizes the power of the HSM to optimize and distribute resources in a secure manner, which makes it easier for us to scale our service based on the needs our customers may have. It allows implementation in shorter amount of time compared to traditional HSM devices.

How does the HSM Cloud by CEGA Security work?
The connection to our service is done through a secure message, with which at CEGA Security, we filter the access(es) of each client, and once we establish communication, our service automatically initiates a balance between one or more HSM devices ensuring that everything is balanced in an efficient manner.

To carry this out, security policies are applied from the client´s services to CEGA Security´s HSM´s, enabling a testing environment and offering our clients a rapid integration code, which in turn validate in a short amount of time the functionality like it would in any other cryptographic module. Any necessary configuration is integrated into the customers’ infrastructure to perform service tests and verifications before launching to production. Once in production, our team of specialists will be continuously monitoring your service to ensure optimal operation without compromising the security of your keys and certificates.

CEGA Security personnel DO NOT have access at any time to your cryptographic keys or information. The service is constantly monitored to ensure service availability. This monitoring is done 24/7 from our Headquarters Operation Center in Mexico, by trained engineers with extensive experience in HSM implementation.

Our specialists will help you or be up and running efficiently in just a few days, so that you can focus 100% on your business. In the event that you require greater capacity, our infrastructure will be fully scalable for any period of time that is required.

HSM Cloud by CEGA Security has support in English and Spanish

What can I use HSM Cloud by CEGA Security for?
El HSM Cloud by CEGA Security puede utilizarse para facturación electrónica y firma digital, encripción y desencripción de datos, verificación de firmas, firmado de PDFs, firmado de código, almacenamiento de llaves para alguna CA, Infraestructura PKI, entre otros casos de uso.

Our HSM Cloud service has been highly successful for its ease of integration, reliability, and performance for e-Invoicing, digital signature, and trusted service providers. It is ideal for Electronic Invoice Providers (PAC, PCCFDI, OSE).

What benefits do I get when I acquire the HSM Cloud Solution by CEGA Security?
  • Support from some of the top technical specialists in the implementation and integration of HSM Solutions.
  • It has been validated in accordance with FIPs 140-2 Level 3
  • Customized Plans of Use
  • Migration from a physical HSM
  • Support in English and Spanish
  • Scale your transactions On Demand
  • Next generation devices
  • Hosted in Data Centers with the Highest Security Standards
  • Auditable Infrastructure
  • Low implementation time
  • Elimination of maintenance cost
  • Service delivery in days not weeks!
Who is behind the HSM Cloud by CEGA Security?
CEGA Security has been implementing and integrating HSM solutions for more than 6 years. During this time, we have delivered and implemented 50+ Hardware Security Modules throughout Mexico and Latin America.

Our multidisciplinary team of specialists are highly trained in areas such as development, software, cryptography, information security and infrastructure, which are focused on the implementation and integration of both physical and cloud HSM integrations. We offer each and every one of our clients a comprehensive service, helping to solve any inconvenience that may arise related with their device until achieving a successful deployment in CEGA Security´s HSM Cloud.

How can I start using the HSM Cloud by CEGA Security?
CEGA Security will provide you with both, access to a test environment and also code with which you will be able to connect and perform the necessary tests to validate connection to the service. One of our experts will accompany you at all times so that you can make your first transactions smoothly and with ease.

Can't find you question?

Asunto:

Technical
How can my application use HSM Cloud by CEGA Security?
CEGA Security, como parte de un servicio integral, te proporciona las herramientas de conexión sin importar el lenguaje de programación que utilices. Tenemos herramientas de conexión para .NET, Java y PKCS11, el cual, es un estándar utilizable por cualquier lenguaje de programación. Además, contamos con un sitio de prueba con el que se puede validar la funcionalidad aún sin tener el servicio en producción.

CEGA Security´s turnkey service for HSM Cloud, solves all necessary integration points and compliance for our clients.

What Programming Languages and Technologies is the HSM Cloud by CEGA Security compatible with?
  • PKCS#11
  • JAVA Cryptography Extension (JCE)
  • Microsoft Crypto API (CSP), Cryptography Next Generation (CNG) and SQL Extensible Key Management (SQLEKM)
  • Cryptographic eXtended services Interface (CXI), the high-performance interface that these teams have, guarantees easy integration of cryptographic functionality in client applications.
What Cryptographic Algorithms and technical specifications does the HSM Cloud by CEGA Security support?
  • RSA, DSA, ECDSA con curvas NIST and Brainpool
  • DH, ECDH con curvas NIST and Brainpool
  • AES, Triple-DES, DES
  • MAC, CMAC, HMAC
  • SHA-1, Familia-SHA2, SHA3, RIPEMD
  • Hash-based Deterministic Random Number Generator (DRNG)
  • True Random Number Generator (TRNG according to AIS31 class PTG.2)
  • All algorithms are included in the price of the product

Can't find you question?

Asunto:

Security
In which data center is the HSM Cloud by CEGA Security Hosted?
The HSM Cloud by CEGA Security solution is protected in data centers with ICREA 4 and ICREA 5 certification in Mexico, which have all the necessary measures to prevent connectivity problems.

One of the biggest advantages that we offer at CEGA Security is that the infrastructure can be audited in any of the data centers where our devices are stored around the globe. One of our representatives will be glad to accompany you during the audit.

Does the HSM Cloud by CEGA Security service support FIPS 140-2 level 3?
Yes. Our HSM is FIPS 140-2 level 3 certified; We also have equipment available with Common Criteria, EAL4 + and PCIHSM certifications.
What HSM is the HSM Cloud by CEGA Security based on?
We use FIPS 140-2 level 3 certified HSMs, such as the Utimaco brand, which meet the highest standards in the industry.

Our HSM Cloud by CEGA Security technology is also based on CEGA Security expertise.

What security and protection certifications does the HSM Cloud by CEGA Security have?
The HSM Cloud by Cega Security processing infrastructure is validated with the highest quality and security standards, offering maximum protection, integrity and non-repudiation to your applications.

  • FIPS 140-2 Level 3
  • CE, FCC Class B
  • UL, IEC / EN 60950-1
  • CB certificate
  • RoHS II, WEEE
Who manages the firmware on my HSM Cloud by CEGA Security?
Cega Security manages all the firmware and maintenance of the solution. We designed it this way so that you can spend less time on the technical aspect and more time on growing your business. CEGA Security will take care of all the technical details of the HSMs and the infrastructure components.
¿Puedo monitorear mi HSM Cloud by CEGA Security?
En CEGA Security estamos trabajando continuamente para aportar mayor valor a nuestros clientes. Actualmente estamos desarrollando las herramientas de monitoreo para poner a tu disposición. Por el momento, nuestros expertos estarán atentos a todos los elementos para asegurar el óptimo desempeño de la infraestructura. Distribuiremos información y alertas pertinentes a tu infraestructura de procesamiento en tiempo y forma.
Do I need to monitor my HSM Cloud by CEGA Security?
Our experts are always attentive and monitoring all the elements to ensure the optimal performance of the infrastructure. We will send information and alerts relevant to your processing infrastructure in a timely manner.
Do I share my HSM Cloud with other CEGA Security clients?
An HSM contains multiple partitions which are individually separated. Each client has his/her own partition, so each individual only has access to their personal information. Our HSM technology allows you to implement partitions on certified FIPS 140-2 Level 3 infrastructure, which allows us to deliver high security standards with the flexibility you require.

Can't find you question?

Asunto:

Scalability
How is the cost of the HSM Cloud by CEGA Security service determined?
We have different options based on your company needs. The HSM Cloud by CEGA Security plans are designed according to your current transactionality with the option of scalability in the future.

Charges vary in proportion to usage or the range of transactionality with the HSM and the number of keys stored in your partition. We also have special plans to integrate into your DRP.

How many HSM´s should my infrastructure have?
At CEGA Security we recommend that you have a high transactional service in our main cluster and have a DRP alternative in our secondary cluster.
How can I establish a high availability configuration with the HSM Cloud by CEGA Security?
Our transactional infrastructure provides various high availability mechanisms, from the data center to the HSM´s that balance the transactionality of the load and guarantee high availability. However, we always recommend having an alternate site, such as a Disaster Recovery Plan. If you don't already have one, at CEGA Security we have special plans to integrate an HSM Cloud into your DRP.

Can't find you question?

Asunto:

Integration
Can I migrate from a different brand HSM to the HSM Cloud by CEGA Security?
It is possible to migrate from you physical HSM device to our HSM Cloud Solution. Depending on the brand of your Hardware Security Module, will be the ease or complexity that the migration will depend on. However, our team of HSM implementation experts will assist you throughout the key generation, CSR, and documentation required until the migration is completed successfully, including our turnkey service. CEGA Security will help you cover all the necessary points to eliminate the risks of your migration to the cloud.
Does HSM Cloud by CEGA Security work as a Local HSM?
Yes, each Hardware Security Module works as a local HSM. Therefore, you can have a local cryptographic module and an HSM as a Service in your network. We can integrate HSM Cloud by CEGA Security to various brands of HSM´s. Contact one of our specialists to learn more about the brands we integrate locally.
From where can I access HSM Cloud by CEGA Security services? Can my application be found anywhere?
You can connect from any infrastructure, public, private or hybrid cloud. CEGA Security will establish connectivity policies, so that, no matter where you are, you can use the service without any setback. We generate secure mechanisms between your application and our infrastructure for processing.
In which infrastructures can I integrate the HSM Cloud by CEGA Security?
You can implement our HSM Cloud Solution and integrate in: AWS, Microsoft Azure, Softlayer and Rackspace.
Can I use multiple applications or services with a single HSM Cloud by CEGA Security account?
Yes. The HSM Cloud by CEGA Security service is billed according to the transactions made and based on the security needs of your infrastructure, not by the number of applications. A usage plan is contracted for a certain amount of transactions per minute, being able to use multiple applications and, if necessary, temporarily scale your service.

Can't find you question?

Asunto:

Support
How can I get my call history from HSM Cloud by CEGA Security?
We can provide you with signed logs for audits and traceability.
Is there an SLA contract for the HSM Cloud by CEGA Security?
Absolutely! We abide by high levels of service standards, being able to meet the most demanding support requests. Contact us to learn more about our different levels of service.
What type of support does the HSM Cloud by CEGA Security offer?
With the HSM Cloud solution by CEGA Security, we provide our executive clients our utmost dedicated support in English and Spanish! The ease of calling and speaking to an engineer who, in addition to knowing the specific implementation, speaks the same language, gives our customers a feeling of well-being and confidence. Our help desk provides support 24/7 by engineers with experience in HSM technology and knowledge of implementation. Customer Satisfaction is our #1 priority.

Can't find you question?

Asunto:

Suscríbete a nuestro boletín

Suscríbete a nuestro boletín

Recibe en tu correo novedades y artículos sobre ciberseguridad y HSM

You have Successfully Subscribed!