YubiHSM 2’s ‘Bring Your Own Key’ is portable security for cloud

Creating a robust data encryption strategy in a multi-cloud environment can be challenging. Considerations like availability, fail-over, control, cost and compliance are crucial. For organizations that are encrypting data on-premises and considering moving data to the cloud, a typical approach is to use an on-premises Hardware Security Module (HSM) or a cloud-based HSM. However, acquiring and managing traditional on-premises HSMs can be costly and complex. The acquisition and overhead costs can be prohibitive for organizations that require on-prem HSMs for key generation and backup, and a low number of cryptographic operations per year. 

There are also challenges with cloud-based HSMs as they can lock you into a single cloud provider – thus moving security and control of an organization’s data to the provider. In turn, this makes it difficult and expensive to utilize the benefits of a multi-cloud environment – like decrypting and porting data to other cloud providers.

To address this and enable organizations to own multi-cloud encryption keys, Yubico will be introducing ‘Bring Your Own Key’ (BYOK) capabilities for YubiHSM 2. With this upcoming functionality, the world’s smallest hardware security module will enable organizations to securely and cost-effectively store and transfer data in a multi-cloud environment using an on-premises HSM for secure management of cryptographic credentials – at a fraction of the cost and size of traditional HSMs. These new YubiHSM 2 capabilities will provide a number of benefits to organizations including:

Enhanced data security in a multi-cloud environment

Organizations will be able to stay in control of the security of their data in the multi-cloud versus relying on cloud-based HSMs. Organizations will be able to securely generate and manage data encryption keys on-premise with YubiHSM 2. The low price point and nano form factor will enable easy and cost-effective data portability in multi-cloud environments.

Better control, portability and flexibility

Organizations will have the option of BYOK using the YubiHSM 2 for Amazon AWS, Microsoft Azure and Google Cloud in order to stay cloud agnostic. YubiHSM 2 meets standard BYOK requirements across these leading cloud providers, enabling greater security for organizations by having control over their data encryption keys – including the choice of where to store their data and master keys based on business needs and budgetary requirements.

Reduction of cost and maintenance requirements compared to traditional on-premises HSMs

The world’s smallest hardware security module will enable organizations to securely and cost-effectively store and transfer data in a multi-cloud environment using an on-premises HSM for secure management of cryptographic credentials, at a fraction of the cost and size of traditional HSMs.

Meet regulatory compliance

YubiHSM 2 helps organizations stay compliant with a better way to secure and trust credentials. In order to meet the highest security compliance, YubiHSM 2 is available in a FIPS 140-2 validated, Level 3 version.

YubiHSM 2 is a full-function, network accessible HSM with a rich cryptography suite, PKCS#11 interface, software development kit, and additional cryptographic tools. YubiHSM 2 is available in a nano form-factor that easily fits into a USB-A port on a server, offering a low-cost alternative to traditional HSM models. Organizations can choose to deploy a production and backup version of the YubiHSM 2 for business continuity purposes. There are two versions of the YubiHSM 2: a FIPS 140-2 validated, Level 3 version as well as the non-FIPS YubiHSM 2 which includes the new BYOK feature.

The YubiHSM 2 has an ecosystem of robust tools and libraries for simplified deployment for organizations for all sizes, and a cryptographic suite of the most well-known, secure, and widely used cryptographic algorithms for key generation, key storage, management, signing operations and more. 

To stay updated and for more information on the upcoming ‘Bring Your Own Key’ feature for YubiHSM 2, sign up here.

Attending AWS re:Invent this week? Be sure to stop by booth #1402 to discuss phishing-resistant MFA and learn how Yubico and AWS deliver trust at scale, as well as ask any questions about BYOK with YubiHSM 2 – register in advance for a consultation here.

Talk to our teamTalk to our team

Share this article:


  • CEO Corner: Maintaining stable growth while navigating global uncertaintyAs we officially close out the first quarter of 2025,  I am pleased we saw a quarter with solid growth and profitability along with ongoing demand for phishing-resistant authentication. We continue to see new types of high-profile cyber attacks appearing regularly, and a major reason for the success of phishing attacks is stolen credentials. As […]Read moreCEOCEO CornerEarningsMattias Danielsson
  • Introducing the Yubico Academy: Enabling partners for a phishing-resistant futureAt Yubico, strong partnerships are fundamental to a more secure digital world. Our commitment goes beyond providing leading security keys; it’s about actively fostering the growth of our valued partners through impactful enablement programs. A cornerstone is the Yubico Academy, featuring our comprehensive certification program.  This program enables our partners’ teams to become Yubico experts, […]Read more
  • AI is booming — but proving you’re human matters more than everIf you walked the show floor at the RSA Conference this year, you probably noticed the same thing I did: Artificial Intelligence (AI) is everywhere. Agentic AI. AI in threat detection. AI in firewalls. AI in identity management. AI-generated demos. AI everything. The energy around AI was undeniable, and we’re seeing real innovation, efficiency gains […]Read moreAIArtificial IntelligencephishingRSAC
  • Ditching passwords for good: Celebrating the inaugural World Passkey DayHave you ever been stuck in a relationship with someone who constantly lets you down, exposes your secrets, and leaves you vulnerable? Odds are you cut your losses, packed up your things and moved on. Today is the day to do the same with your passwords: say goodbye forever! The reality is a majority of […]Read morepasskeyspasswordlessWorld Passkey Day