We’re very excited to announce the overall availability of Azure Fee HSM, a BareMetal Infrastructure as a service (IaaS) that allows prospects to have native entry to cost HSM within the Azure cloud. With Azure Fee HSM, prospects can seamlessly migrate PCI workloads to Azure and meet probably the most stringent safety, audit compliance, low latency, and high-performance necessities wanted by the Fee Card Trade (PCI).
Azure Fee HSM service empowers service suppliers and monetary establishments to speed up their cost system’s digital transformation technique and undertake the general public cloud.
 |
“Fee HSM assist within the public cloud is likely one of the most important hurdles to beat in transferring cost programs to the general public cloud. Whereas there are various totally different options, none can meet the stringent necessities required for a cost system. Microsoft, working with Thales, stepped as much as present a cost HSM answer that would meet the modernization ambitions of ACI Worldwide’s know-how platform. It has been a pleasure working with each groups to deliver this answer to actuality.”
—Timothy White, Chief Architect, Retail Funds and Cloud
|
Service overview
Azure Fee HSM answer is delivered utilizing Thales payShield 10K Fee HSM, which provides single-tenant HSMs and full distant administration capabilities. The service is designed to allow complete buyer management with strict position and knowledge separation between Microsoft and the client. HSMs are provisioned and linked on to the client’s digital community, and the HSMs are below the client’s sole administration management. As soon as allotted, Microsoft’s administrative entry is restricted to “Operator” mode and full accountability for configuration and upkeep of the HSM and software program falls upon the client. When the HSM is not required and the machine is returned to Microsoft, buyer knowledge is erased to make sure privateness and safety. The answer comes with Thales payShield premium bundle license and enhanced assist Plan, with a direct relationship between the client and Thales.
Determine 1: After HSM is provisioned, HSM machine is linked on to a buyer’s digital community with full distant HSM administration capabilities by way of Thales payShield Supervisor and TMD.
The client can rapidly add extra HSM capability on demand and subscribe to the very best efficiency stage (as much as 2500 CPS) for mission-critical cost purposes with low latency. The client can improve, or downgrade HSM efficiency stage primarily based on enterprise wants with out interruption of HSM manufacturing utilization. HSMs could be simply provisioned as a pair of units and configured for top availability.
Azure stays dedicated to serving to prospects obtain compliance with the Fee Card Trade’s main compliance certifications. Azure Fee HSM is licensed throughout stringent safety and compliance necessities established by the PCI Safety Requirements Council (PCI SSC) together with PCI DSS, PCI 3DS, and PCI PIN. Thales payShield 10K HSMs are licensed to FIPS 140-2 Degree 3 and PCI HSM v3. Azure Fee HSM prospects can considerably scale back their compliance time, efforts, and value by leveraging the shared accountability matrix from Azure’s PCI Attestation of Compliance (AOC).
Typical use instances
Monetary establishments and repair suppliers within the cost ecosystem together with issuers, service suppliers, acquirers, processors, and cost networks will profit from Azure Fee HSM. Azure Fee HSM allows a variety of use instances, akin to cost processing, which permits card and cell cost authorization and 3D-Safe authentication; cost credential issuing for playing cards, wearables, and linked units; securing keys and authentication knowledge and delicate knowledge safety for point-to-point encryption, safety tokenization, and EMV cost tokenization.
Get began
Azure Fee HSM is out there at launch within the following areas: East US, West US, South Central US, Central US, North Europe, and West Europe
As Azure Fee HSM is a specialised service, prospects ought to ask their Microsoft account supervisor and CSA to ship the request by way of electronic mail.
Study extra about Azure Fee HSM
To obtain PCI certification experiences and shared accountability matrices:
