Crypto as a Service and easy consumable crypto services has become very important in most companies to enable many more applications to consume cryptographic services. Regulatory requirements like PCI and GDPR put encryption demands on sensitive data where ever they are located - on premise or in the cloud. This means that the need for access to cryptographic hardware in both distributed and mainframe environments has also increased. But cryptographic hardware is expensive, and so is the management of it, especially when the crypto hardware is in both distributed and mainframe environments. So how about centralizing the cryptographic capabilities - Or even better, begin leveraging the full potential of already existing hardware?
The Advanced Crypto Service Provider (ACSP) is a remote crypto services solution that enables applications in distributed environments with access to cryptographic hardware over the network. ACSP enables cost effective use of available cryptographic capacity, easy deployment of cryptographic services, and easier key management because the cryptographic key material is centralized and thereby easier to manage. It also allow for a much better utilization of the cryptographic hardware - which is particular true on IBM Z. Multiple decentral HSMs can often be replaced with a single crypto card in IBM Z.