MYHSM and the Cloud Models

Bernard Foot, Strategy Analyst at MYHSM, the global Payment HSM as a Service provider, discusses how the MYHSM service fits in to, and supports, the various Cloud computing models.

The term “Cloud” is often used rather loosely – as shorthand for an IT architecture which provides on-demand, self-service to a large number of end users over a client-agnostic network, with elasticity of resources and an appropriate management environment. But, of course, there are a number of different models hiding behind this single word.

In this blog, I want to look at how the MYHSM service relates to the various Cloud models and supports them.

The Cloud Models

First of all, let’s recap on the different Cloud models.

Public Cloud:

  • The equipment and software are owned by the service provider, such as Amazon, Google, IBM or Microsoft.
  • The equipment is operated and managed by the service provider.
  • The IT resources are multi-tenant, i.e. shared between multiple users.
  • Access is via the internet.

Private Cloud:

  • The equipment and software are owned by the user.
  • The equipment may be located in the user organisation’s premises, where it will be operated by the user. Or it can be hosted by a service provider such as Equinix, where its operations and administration will be shared by the user and service provider.
  • The IT resources are available only to the user organisation.
  • Access is through some kind of private network.

Hybrid Cloud:

  • An architecture involving both Private and Public Clouds, with applications and data shared between them.
  • The Private Cloud may be used for particularly sensitive applications, while the Public Cloud might be used for mass-user applications (such as Office), overflow at peak times, DR, or development and testing.


  • Where several independent Cloud services from different providers are used. A Hybrid Cloud architecture is one example, but Multi-Cloud may involve multiple non-integrated Private or Public clouds.

How is the MYHSM service defined in this terminology?

Well, it doesn’t fit neatly into any one of these options.

Firstly, the various Cloud models relate to application processing and data storage resources, whereas the Payment Hardware Security Modules (HSMs), that MYHSM operates, are essentially sophisticated peripherals providing a specific function to applications running elsewhere.

Secondly, the MYHSM deployment model takes aspects from each of the Public and Private Cloud models.

As in a Public Cloud, the equipment is owned, operated, and managed by MYHSM, and can be multi-tenanted (depending on the service required by the user) – this provides the user with optimised costs and takes away the burden of acquisition, operation, and certification. And access is via the internet.

But the MYHSM service also has some of the characteristics of a Private Cloud. Equipment can optionally be made available for use by a single client only. And although this access method uses the internet, strong customer-specific encryption, and techniques such as white listing, effectively provide private networks between customers and their resources in the MYHSM service.

The MYHSM service has some of the hallmarks of a Hybrid Cloud as well. It can be used in a system which also uses Payment HSMs located elsewhere, for example, on the customer’s own premises – this enables the service to provide overflow, DR, and development/testing resources.

But actually …

How the MYHSM service fits into the Cloud models is not as important as how it can be used by payment applications which themselves fit into one of these Cloud models. And the answer to that is quite straightforward – the MYHSM service can be used by any application in any Cloud (or non-Cloud) architecture that is able to access the internet.

Got a question? Email us at: 

Share this entry: