• English
    • Français
    • Deutsch
    • 日本語
    • Español
    • Svenska
  • Contact sales
  • Reseller locator
  • English English English en
  • Français Français French fr
  • Deutsch Deutsch German de
  • 日本語 日本語 Japanese ja
  • Español Español Spanish es
  • Svenska Svenska Swedish sv
Yubico
  • Why Yubico
    • For business
    • For individuals
    • For developers
  • Products
    • YubiKeys
    • YubiHSM
    • YubiEnterprise services
    • Services & software
    • Works with YubiKey
    • Find the right YubiKey
  • Solutions
    • Use Cases
      • Remote Workers
      • Passwordless
      • Microsoft 365
      • MFA modernization
      • Account takeovers
      • Compliance
      • Privileged users
      • Mobile restricted environments
      • Call centers
      • Secure password managers
    • Industries
      • Technology
      • Financial services
      • Cryptocurrency
      • Retail
      • Federal Government
      • State and Local Government
      • Elections and Political Campaigns
      • Education
      • Healthcare
  • Resources
    • Getting Started
    • COVID-19 Resources
    • White papers
    • Webinars
    • Product briefs
    • Case studies
    • Infographics
    • Yubico blog
    • Authentication standards
    • Videos
    • Developer program
    • Cybersecurity Glossary
  • Company
    • About us
    • The team
    • Innovation history
    • Careers & culture
    • Press room
    • Contact us
    • Partners
    • Events
    • Our customers
    • Free Speech program
    • Affiliate program
  • Support
    • Support services
    • Professional Services
    • Set up your YubiKey
    • Help
    • Documentation
    • Downloads
    • Buying and shipping
    • Security advisories
  • 
      • X
        Quick Links
        Find the Right YubiKey Set Up Your YubiKey Contact Us
        Knowledge Base
      • Search Yubico
  • Search
Store

Cloud-Based Hosting Provider Secures Virtual Machine Keys with YubiHSM 2

Case Study

Intility Customer Logo

Industry

Cloud-Based Hosting Technology

Benefits

  • Supports open industry security standards
  • Enhanced protection for cryptographic keys
  • More cost-effective than other solutions to deploy and maintain

Deployment Info

  • Type of YubiKeys: YubiHSM 2
  • Type of users: Corporate clients in multiple industries
  • Date of initial deployment: September 2019

Read the case study

About the organization

Intility is a complete multi-cloud platform service utilized by more than 600 companies across 2000 locations in Norway and around the world. Intility offers unlimited and scalable access to compute, storage, network, as well as integrated tools for productivity, security and mobility. Intility’s goal is to act as a catalyst for companies that want to exploit the power of technology in order to increase their own productivity and competitiveness.

The challenge: Securing Virtual Machines and Master Key

Intility instantiates many and diverse virtual machines (VMs) for its clientele across a wide geography, as a cost-effective way of deploying servers. As a cloud service provider, Intility needed to ensure that its clients’ VMs and the applications and data contained within are secure against external and internal threats. An intruder or malicious administrator could make a copy of a VM, steal it away from the data center, and boot it up in another environ- ment to access clientele information.

In order to raise the virtualization security bar, Microsoft Windows Server 2016 introduced the concept of Guarded Fabric to increase the security of Hyper-V Virtual Machines (VMs). Intility implements Microsoft Guarded Fabric to protect and secure mission critical systems, custumer data and services. A Microsoft Guarded Fabric consists of a Host Guardian Service (HGS) comprised of the Attestation Service and the Key Protection Service, a Guarded Host and a Shielded VM. The Key Protection Service stores and protects the master key in soft- ware. For enhanced security purposes, Intility wanted to deploy hardware protection for the master keys used by the Host Guardian Service. Intility was looking for a hardware security module that was both cost-effective and easy to deploy.

Arne Klæboe, Technical Manager, InCloud Applications & Security, Intility

“Intility sought a mechanism to encrypt the root of trust associated with the encryption methodology used with Host Guardian Service. YubiHSM was the best solution.”

The solution: YubiHSM 2

Intility deployed the Yubico YubiHSM 2 hardware security module, based on USB-A hardware RSA keys. YubiHSM secures the Host Guardian Service signing and encryption keys which validates the hosts ability to run a VM, as well as decrypt it.

The YubiHSM hardware security modules are inserted into a USB-A port on the servers running the Host Guardian Service. The Host Guardian Service protects the encryption keys needed to decrypt and start VMs. Because YubiHSM provides protection for the keys on hardware that is physically isolated from operations on the server, it adds an additional layer of security that is safe from software-based attacks.

Anything that needs a high level security on the machines is also eligible for being protected with an encryption on the virtual machine.

The results: Enhanced security with a simple and cost-effective solution

  • Running VMs under Microsoft’s Host Guardian service, results in encrypted VMs that are protected using YubiHSM.
  • The YubiHSM compatibility to protect other Active Directory Certificate Authority applications, and/or those needed for Linux (or in conjunction with both Windows and Linux instances running on Hyper-V) provides optional functionality for clients.
  • YubiHSM is easy to install and deploy, and is easily administered under standard Microsoft administration software.
  • YubiHSM offers a low cost and high security alternative to traditional, expensive hardware security modules on the market.

Say hello to the YubiKey, goodbye to account takeovers.

Contact Sales
Buy Online

Find
Take product finder quiz

Set up
Find set-up guides

Buy
Buy online
Contact sales
Find resellers

Stay connected
Sign up for email

RSS FeedTwitterLinkedInFacebookInstagramYoutubeGithub

Products
YubiKeys
YubiHSM
YubiEnterprise services
Services & software
Works with YubiKey
Find the right YubiKey

Why Yubico

For personal use
For businesses
For developers
Solutions
Remote Workers
Passwordless
Microsoft 365
Call centers
Cryptocurrency
Financial services
Federal Government
State & Local Government
More…
Resources
Getting Started
COVID-19 Resources
White papers
Webinars
Case studies
Product briefs
Infographics
Yubico blog
Authentication standards
Videos
Developer program
Company
About us
Trust in Yubico
The team
Innovation history
Careers & culture
Press room
Contact us
Partners
Events
Our customers
Affiliate program
Support
Support services
Professional Services
Set up your YubiKey
Knowledge base
Documentation
Downloads
Security advisories

Cookies Legal Trust Privacy Terms of Use

Yubico © 2021. All Rights Reserved.

We use cookies to ensure that you get the best experience on our site and to present relevant content and advertising. By browsing this site without restricting the use of cookies, you consent to our and third party use of cookies as set out in our Cookie Notice.
Accept Settings
Yubico Privacy and Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled

Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.

Uncategorized

Undefined cookies are those that are being analyzed and have not been classified into a category as yet.

Analytics

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.

Advertisement

Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.

Performance

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

Preferences

Preference cookies are used to store user preferences to provide content that is customized and convenient for the users, like the language of the website or the location of the visitor.

Functional

Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.

Save & Accept
Scroll to top