VirtuCrypt Cloud

Improve security while reducing overhead

Provision and deploy hardware security modules (HSMs) and key management servers through Futurex’s VirtuCrypt cloud service:

  • Access unlimited cryptographic functionality
  • Protect data in different PCI zones
  • Reduce compliance scope
  • Increase system redundancy
Sales brochureTalk to a pro
virtucrypt cloud services

Geographically diverse data centers

Accessible from virtually anywhere, the VirtuCrypt cloud enables you to scale to global operations. If a disaster occurs, your critical infrastructure remains highly available with full redundancy and no downtime.

Data center information
VirtuCrypt cloud HSM data centers

Compliant, flexible, and scalable

Deploy complete infrastructures or spin up individual cryptographic functions as needed–all with the same high performance and security of physical hardware, and at a more efficient cost. VirtuCrypt cloud HSMs are validated under FIPS 140-2 Level 3 and PCI HSM standards.

See our architecture

VirtuCrypt cloud HSM solutions

The power of the cloud is its flexibility. The Futurex cloud services are not a template to which you conform: they are a canvas on which you create and deploy your ideal cryptographic infrastructure. Our HSMs include vendor-neutral APIs to simplify integration and minimize the impact on existing infrastructure while laying the foundation for further cryptographic development.

VirtuCrypt Cloud HSM
A fully-managed cloud HSM service using FIPS 140-2 Level 3-validated hardware in data centers around the world. Visit page
VirtuCrypt Cloud Payment HSM
The world’s first cloud payment HSM service, serving customers worldwide with native public cloud integration. Visit page
Schedule a demo

Native integration with public clouds

Integrating on-premises hardware with cloud-based applications or connecting Software-as-a-Service (SaaS) solutions to separate cloud applications has enabled sharing and unifying data and improved connectivity and visibility.

  • VirtuCrypt access point (VAP): Use a single set of cloud HSMs across multiple regions within a single public cloud provider
  • Connect applications spanning multiple public cloud platforms to a single VirtuCrypt cloud HSM estate
  • CryptoTunnels: Turnkey connection security between on-premises apps, cloud-hosted applications, and cloud HSMs
  • Public cloud integration allows account management, invoicing, and billing to be handled from a single interface
  • See it on AWS Marketplace!

Payment services and cloud HSMs

Financial acquiring

  • PIN translation and verification
  • EMV validation
  • Message Authentication Code (MAC) generation and verification
  • Financial key management and derivation
  • CVV generation and validation
  • Mobile payment acceptance

Financial issuing

  • PIN and offset generation
  • Mobile and web PIN management
  • EMV key generation and derivation
  • Mobile payment token issuance

Point-to-Point Encryption (P2PE)

  • Cardholder data decryption (FPE & DUKPT)
  • Cardholder data translation
  • P2PE key management

Key management methods

Secure encryption key loading is crucial to building a secure environment. Administrators can securely load major keys into cloud payment HSMs by using several methods, including Bring Your Own Key (BYOK), key agent services, and HSM-generated keys.

Bring Your Own Key (BYOK)

Organizations requiring self-management of encryption keys to protect their most sensitive data can use bring your own key (BYOK) services to manage their keys in VirtuCrypt cloud payment HSMs. The Excrypt Touch is the Futurex FIPS 140-2 Level 3 and PCI HSM-validated tablet that allows organizations to manage their own encryption keys from anywhere in the world. With the Excrypt Touch, administrators can establish a remote TLS connection with mutual authentication and load clear master keys to VirtuCrypt cloud payment HSMs.

Transferring keys to VirtuCrypt cloud payment HSMs with the Excrypt Touch uses double encipherment for key components. Double encipherment adds additional security by requiring the components to be encrypted by two separate keys.

Key agent service

For organizations requiring key management assistance, the Futurex key agent team can load keys into VirtuCrypt cloud payment HSMs. With this service, VirtuCrypt handles the loading and storing of key components. The ownership of the keys remains with the customer throughout this process.

HSM-generated keys

Administrators can randomly generate major keys by using the FIPS 140-2 Level-certified random number generator (RNG) of their cloud HSMs.

Service structure

VirtuCrypt cloud HSMs come in different models. Organizations can choose a model depending on what level of functionality and power they need.


You can customize a financial HSM to include any hardware encryption function. Use VirtuCrypt’s cloud payment HSM service with your choice of profiles: transaction acquiring or card and mobile issuing.


Organizations can choose from different redundancy options. Having a single HSM at one site offers no redundancy. With site redundancy, two HSMs are active at one site, increasing the dependability of the system. A step up from that is full redundancy: with four HSMs at two different sites, the system is completely protected against hardware failures and data loss due to a lack of backup.

High availability

High availability goes beyond redundancy, and you can achieve this only by
eliminating single points of failure, having reliable crossover or failover points, and reacting to failures in real-time. Configure your infrastructure to be highly available by configuring and automating redundant cloud HSMs with SLA-backed uptime.

In the cloud, on-premises, or a hybrid of both: Futurex delivers tailored cryptographic solutions to fit your business needs.


Any cryptographic function. Any size. Any scale. Any location.

Learn more

Direct integration with major public cloud providers

AWS cloud HSM integration
Amazon Web Services

Sign up now

Azure dedicated HSM
Microsoft Azure

Sign up now

Google cloud HSM integration
Google Cloud Platform

Request consultation

Direct integration with other services and applications housed outside the public cloud itself is an increasingly popular choice for public cloud usage. Cloud Payment HSMs offer direct integration with public clouds,  and you can rapidly provision services through the public cloud marketplace.

Frequently Asked Questions

VirtuCrypt is a cloud-based cryptographic platform that enables you to deploy HSM encryption, key management, PKI and CA, and more, all from a central location. VirtuCrypt operates data centers in every geographic region for lower latency and higher compliance.

VirtuCrypt Enterprise

The VirtuCrypt Enterprise service offers a complete, comprehensive platform for secure key management, data processing, storage, infrastructure backup and disaster recovery, and more. With white labeling services available, VirtuCrypt is your single source cloud provider for your entire core cryptographic infrastructure.

VirtuCrypt Elements

VirtuCrypt Elements provides specific functionality on a per-transaction basis, with virtually limitless scalability.

VirtuCrypt Plus

Complementing the Futurex solution suite, VirtuCrypt Plus services use the cloud to enhance visibility, ease compliance burdens, and increase redundancy.

Imagine a hardened cloud service that combines scalable, fully redundant data processing capabilities along with the convenience of remote access and the robust physical and logical security of FIPS 140-2 Level 3-validated hardware security modules, key and certificate management servers, and more. That concept is now a reality, with organizations of all sizes able to benefit from the VirtuCrypt cloud service based on Futurex’s globally trusted Hardened Enterprise Security Platform.

VirtuCrypt’s far-reaching functionality is separated into multiple levels of service, differing based on the environments into which it will be implemented. It provides organizations exactly the technology they need, in a format most conducive to the total system.

The wide range of applications for existing and new IT infrastructures include but are not limited to:

  • HSM-based data processing
  • Key and certificate management
  • Registration authority
  • Object signing
  • P2PE and tokenization
  • Secure key, certificate, and data storage
  • Public key infrastructure generation and injection
  • Cyber security
  • SSL/TLS link encryption

The VIP Dashboard provides an intuitive way to securely control and monitor your entire cryptographic environment from one location. Users can configure their VIP Dashboard to include only the information that is most useful to them and define custom alerts through VirtuCrypt’s active environment monitoring utility.

Organizations also have the opportunity to rebrand the VirtuCrypt Dashboard so that it can be offered to customers with the cohesive look and feel they’ve worked hard to build. This includes adjusting color schemes, logos, and imagery to match the company’s brand and create instant product recognition for customer base.

The multiple geographically separate data centers selected by VirtuCrypt showcase its high regard for uncompromising security. Not only are these data centers outfitted with state-of-the art technology, but they enforce physical and logical security measures, such as biometric access controls and dual authentication, that ensure the integrity of your most sensitive data.

Want to learn more?

Contact a Solutions Architect today.

Give us a call