Why lease an HSM instead of buying?

HSMs cost RM150K-500K outright and refresh every 5-7 years. Leasing converts capex to opex, includes the refresh, and bundles key ceremonies and audit support.

FIPS 140-3 Level 3 (or Level 4 for Thales Luna 7 with the right configuration).

Can you run our key ceremony?

Yes. nCrypt is the trusted operator; you bring your custodians and audit witnesses. We provide the ceremony scripts and audit documentation.

How does this integrate with our app?

Standard PKCS#11, JCE, KMIP, or REST APIs. We provide reference integrations for HSM-backed TLS, code signing, payment tokenisation, and database TDE.

Is this on-prem or cloud HSM?

Both available. On-prem hardware HSM is the default; cloud HSM (Thales DPoD or AWS CloudHSM) is bundled where appropriate.

What if BNM audits us?

You receive a full audit pack — chain of custody, key ceremony attestations, operational logs, and a regulator-ready RMiT-mapping document.

Can we bring our own keys (BYOK)?

Yes. Customer-generated keys are imported under a witnessed ceremony if required.

What about quantum-safe migration?

Thales Luna 7 supports post-quantum algorithm slots; we plan your migration when NIST PQC standards finalise.

Hardware-as-a-Service · 36-month bundle

FIPS 140-3 hardware key management, leased. From RM4,000/month.

Thales Luna or Entrust nShield HSM, with key ceremonies, BNM RMiT-aligned operations, and managed firmware lifecycle.

Calculate your bundle Talk to sales

What's included in the bundle

FIPS 140-3 Level 3 HSM appliance (HA pair standard)

Initial key ceremony with audit witnesses

Quarterly key-rotation and firmware updates

Audit-ready logging integration to your SIEM

BNM RMiT and PCI DSS documentation pack

Hardware refresh at month 30

Who this is for

✓BNM-licensed financial institutions
✓PCI DSS Level 1 / Level 2 merchants and processors
✓Government PKI / signing infrastructure
✓Fintech issuing payment credentials or digital identity

Deployment timeline

Week 1-2

Procurement, secure shipment, racking

Week 3

Key ceremony with audit witnesses, integration testing

Week 4

Production cutover, audit-pack delivery

Ongoing

Quarterly key rotation, firmware management, audit support

Sample bundles by company size

SMB

RM 4,000 – 7,000 / month

Single Thales Luna 7 HSM, FIs onboarding to RMiT

MidMarket

RM 7,000 – 15,000 / month

HA pair, multi-region, PCI DSS Level 1 merchant

Enterprise

RM 15,000 – 40,000+ / month

Multi-pair HA across DR sites, code-signing + tokenisation + payment workloads

Aligned to your regulatory obligations

BNM RMiTPCI DSSeIDAS-equivalentCommon Criteria EAL4+

Frequently asked questions

Need a one-off engagement instead of a leased bundle?

See our consulting service →

Ready to size HSM for your environment?

Three minutes in the calculator. A precise quote emailed within 24 hours.

Calculate my bundle Talk to sales

Financing available via our partner financial institutions. Indicative monthly figures based on standard 36-month terms; final pricing subject to credit assessment and signed master service agreement.

Ready to size HSM for your environment?

Three minutes in the calculator. A precise quote emailed within 24 hours.