Onchain Custodian, a custody provider based in Singapore, has released on Tuesday the latest version of its hardware-based vault, integrating cryptography services on an infrastructure securely hosted by IBM.
Previously, IBM has offered digital asset custodians cloud services on a hybrid basis, where the custodian maintains certain servers guarding private encryption keys, with other services running from rented data centers and in remote locations. But this is the first time a custodian has felt comfortable outsourcing to the public cloud of IBM the entire key management and storage process.
“Onchain has been using a pure public cloud model from day one,” said Rohit Badlaney, executive director of IBM Z Cloud. “They seem to have got a lot of interest from clients, whether it’s hedge funds or institutional investors. It will be interesting to see how this market moves.”
IBM’s Cloud is Super Highly Secured
IBM itself does not have access to created and stored private keys on its HyperProtect cloud. The system is constructed using hardware security modules (HSM), a sort of lockbox that protects and manages digital keys in a manipulator-proof environment.
Alexandre Kech, Onchain Custodian’s chief executive and co-founder, said guarding keys in your own custom-built vaults might seem the safest method intuitively, but that is not necessarily the case.
“If it’s on-premise that means you know where it is, if you happen to be badly intentioned,” said Kech. “Of course if you are a bank you can secure that pretty well, but if you are a startup, it’s creating more risks. Even if your data center is secure, it’s generally difficult to geographically disperse it.”
For now, Sequoia-backed Onchain has around 30 customers with a focus on Asia. These include the foundations of the Neo and Ontology, and Wowoo, BiKi, and kuCoin on the exchange side.
Onchain went live back in April 2019 with a cold-storage-only v1 of their solution for custody. Typically, cold storage means crypto assets are stored on digital media that have never been and will never be connected to the internet. Like burying your private keys in the back garden, the access to your assets can take hours or even days, and thus not ideal for active trading.