The integration is most useful in the following scenarios:
-
When high volume, highly concurrent on-the-fly encryption/decryption is required on client-side or application-level encryption scenarios and maximum security for keys is needed. This use case includes:
-
Big Data applications in the cloud (Snowflake, Databricks, etc..). where processing of big data during querying may require on-the-fly decryption of millions of rows to fulfill the query.
-
Workplace applications (Google Workspace, Office 365) when they are protected by client-side encryption (respectively Google CSE and Microsoft DKE). In this scenario, a large number of user machines may concurrently access the KMS at any time.
-
-
The software providing the encryption/decryption oracle (Cosmian KMS) cannot be co-located with the hardware security module. Such a scenario includes running the Cosmian KMS in confidential computing in the cloud for reduced latency while keeping the CryptoServer in a different location for better security.
The Cosmian KMS is a scalable software solution that offers large-scale, real-time encryption and decryption. The u.trust GP HSM delivers robust security for all key materials the KMS handles.