Would you leave the keys to your house or your safe deposit box where a burglar could easily find them? Would you make it easy for identity thieves to duplicate your signature? Clearly not. You would keep your personal keys securely stored at all times and never leave them where they could be copied or stolen, and you would make your signature distinctive and difficult to forge.
The same holds in business: when data protection solutions depend on encryption keys, or digital signature solutions on private keys, protecting those keys is critical. Being able to demonstrate that the protection is effective is often what decides whether you can meet your industry, national or international regulations.
Hardware Security Modules (HSMs) are the answer to this business problem. They provide a certified, hardened and tamper-resistant environment with the attributes needed to secure a business's data protection solutions and to ensure the integrity, confidentiality and authenticity of transactions across a wide range of business applications.
Compared with software-only solutions, HSMs provide a protected environment, isolated from the application host, for key generation and cryptographic processing. Keys are generated inside the module and, when marked non-exportable, never leave it in plaintext: the application sends data in and receives results (signatures, ciphertext) out. Because the keys remain protected even when not in use, the attack surface is reduced and unauthorized use of the keys is guarded against.
HSMs not only provide a secure environment that protects keys throughout their lifecycle; they also enforce strong controls, within the secure boundary of the module, over who is granted access to the keys and what they may do with them. They can require that access be authorized by a quorum of managers (k of n card holders, for example) and can restrict the tasks each user may perform according to their role. For instance, one group of users may be limited to administrative tasks (such as configuration or upgrades), another may be allowed to set or modify policy, and a third may be restricted to using particular keys or sets of keys.
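As an added example (not code from the original post and not a description of Entrust's products), the following stdlib-only Python models the two points above: a key that is generated inside a boundary and has no export path, and every operation gated by a role policy plus a k-of-n quorum. The quorum is implemented with Shamir secret sharing over a prime field, which is an assumption about how such a mechanism could be built rather than a claim about any particular HSM; the `QuorumHSM` class, the role names and the use of HMAC-SHA256 as a stand-in for the key operation are all illustrative.

```python
import hashlib
import hmac
import secrets

# Prime field for the Shamir shares. 2**521 - 1 is a Mersenne prime, so any
# 256-bit authorisation secret fits below it. (Assumption: the page does not
# specify how a real HSM implements its quorum; this is a model.)
P = 2**521 - 1


def _eval_poly(coeffs, x):
    """Evaluate a polynomial with coefficients [a0, a1, ...] at x, mod P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split_secret(secret, k, n):
    """Split `secret` into n shares; any k of them recover it (Shamir)."""
    if not 1 <= k <= n:
        raise ValueError("need 1 <= k <= n")
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def recover_secret(shares):
    """Lagrange-interpolate the shares at x = 0 to recover the secret."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total


class QuorumHSM:
    """Toy secure boundary: the key never leaves, and every key operation is
    gated by the caller's role plus a k-of-n quorum of card holders."""

    # Hypothetical role-to-permission policy, after the roles the text lists.
    ROLES = {
        "administrator": {"configure", "upgrade"},
        "policy_officer": {"set_policy"},
        "key_user": {"sign"},
    }

    def __init__(self, k, n):
        self._key = secrets.token_bytes(32)       # generated inside; never exported
        self._auth_secret = secrets.randbelow(P)  # quorum secret; never exported
        self.quorum_k = k
        # Shares are what would be written to the managers' smart cards.
        self.cards = split_secret(self._auth_secret, k, n)

    def export_key(self):
        """Non-extractable key: there is deliberately no path that returns it."""
        raise PermissionError("key is marked non-extractable")

    def _authorize(self, role, permission, presented_cards):
        if permission not in self.ROLES.get(role, set()):
            raise PermissionError(f"role {role!r} may not {permission}")
        if len(presented_cards) < self.quorum_k:
            raise PermissionError("quorum not met: too few cards presented")
        if recover_secret(presented_cards[: self.quorum_k]) != self._auth_secret:
            raise PermissionError("quorum not met: invalid card set")

    def sign(self, role, presented_cards, message):
        """Return a MAC over `message`, computed inside the boundary.
        HMAC-SHA256 stands in for a signing operation; the key stays private."""
        self._authorize(role, "sign", presented_cards)
        return hmac.new(self._key, message, hashlib.sha256).digest()

    def verify(self, role, presented_cards, message, tag):
        """Verification also runs inside the boundary, under the same gate."""
        self._authorize(role, "sign", presented_cards)
        expected = hmac.new(self._key, message, hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)


if __name__ == "__main__":
    hsm = QuorumHSM(k=2, n=3)                     # any 2 of 3 managers authorise
    tag = hsm.sign("key_user", hsm.cards[:2], b"constructed sample message")
    print("tag:", tag.hex())
    for role, cards in (("administrator", hsm.cards[:2]), ("key_user", hsm.cards[:1])):
        try:
            hsm.sign(role, cards, b"constructed sample message")
        except PermissionError as exc:
            print(f"refused ({role}, {len(cards)} card(s)):", exc)
```

Two things to notice: fewer than k genuine cards, or a forged card among the k, reconstruct the wrong field element and the operation is refused before the key is ever touched; and a caller in the administrator or policy role is refused the signing operation regardless of how many cards it presents, which is the role separation the text describes.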
Without an HSM, your business cannot be sure that an adversary has not gained access to your data, stolen your keys and impersonated you in unauthorized transactions, especially in a world rife with both internal and external security challenges. As my colleague and Entrust SVP Cindy Provin noted in her blog introducing Entrust Security, “Whether it’s cloud technology, digital payment methods or the internet of things, we are all too aware that with fast-moving technologies comes heightened risk.”