Luna Cloud HSM
Overview
Luna Cloud HSM is delivered through the Thales Data Protection on Demand cloud marketplace, providing Luna HSM instances without on-premises hardware deployment whilst keeping keys in dedicated hardware. The service uses the standard Luna Client for integration, maintaining API compatibility with on-premises Luna HSMs and supporting high availability groups that span cloud and on-premises HSM instances.
Unsung implements Luna Cloud HSM for UK customers that need hardware-based key protection without procuring and managing physical HSM appliances, or that require hybrid HSM environments spanning cloud-hosted and on-premises Luna infrastructure.
The Challenge
Organisations moving applications and services to the cloud need HSM-grade key protection for their cloud-hosted cryptographic operations. Procuring, deploying, and managing physical HSM appliances requires capital investment, data centre space, and specialist operational skills that not all organisations can resource. Cloud-native key management services provided by cloud platforms offer convenience but may not meet the regulatory or assurance requirements that mandate dedicated, FIPS-validated hardware key protection.
Organisations with existing on-premises Luna HSMs face an additional challenge when extending to the cloud: they need cloud HSM services that integrate with their existing Luna infrastructure, maintaining consistent key management practices and enabling high availability groups that span both environments without requiring a separate HSM platform for cloud workloads.
What It Does
Luna Cloud HSM provides dedicated Luna HSM instances hosted by Thales, accessible over the network using the standard Luna Client. Because it uses the same client interface as on-premises Luna HSMs, applications that already integrate with Luna Network or PCIe HSMs can connect to Luna Cloud HSM without code changes. This compatibility also enables high availability configurations that include both cloud and on-premises Luna HSMs, providing resilience across environments.
The service eliminates the need to procure, rack, and manage physical HSM hardware, whilst maintaining the dedicated hardware key protection that distinguishes HSM services from software-based key management. Keys remain in hardware at all times, and the service provides the FIPS 140-2 Level 3 validated key protection required by regulated environments. Organisations consume Luna Cloud HSM on a subscription basis through the Data Protection on Demand marketplace, scaling their HSM capacity as requirements change.
How Unsung Helps
Unsung helps clients evaluate cloud HSM options, design hybrid HSM architectures that span cloud and on-premises Luna infrastructure, and implement Luna Cloud HSM integrated with their existing applications and PKI environments. Our Hardware Security Modules service covers cloud and on-premises HSM strategy, ensuring consistent key management practices regardless of deployment model. Our PKI Management & Hosting service provides managed PKI operations for organisations using cloud-hosted HSM infrastructure.
Related Unsung Services
Hardware Security Modules — Cloud and on-premises HSM strategy, deployment, and integration.
PKI Management & Hosting — Managed PKI services using cloud-hosted HSM infrastructure.
PKI Consultancy — Advisory on cloud cryptographic strategy and hybrid HSM architectures.
PKI Design & Build — Design and implementation of cloud and hybrid PKI environments.
