Yahoo! JAPAN Strengthens Security and Business Continuity with nShield HSMs
When Yahoo! JAPAN needed to authenticate and certify that every application in its IT infrastructure can be trusted, it turned to Entrust nShield® HSMs to act as a secure and scalable key storage environment and support robust authentication.
Customer Profile
Yahoo! JAPAN is one of the country’s biggest and most popular portal sites, with about 80 million people visiting the website every year. It is a subsidiary of Z Holdings Corporation, headquartered in Tokyo, and its offerings include e-commerce, internet advertising, and member services.
Objectives
- Maintain customer service levels and security
- Business continuity
- Certify and authenticate every application running on Yahoo! JAPAN’s PKI
Technology
Overview
HSMs Deliver a Higher Level of Data Security
Yahoo! JAPAN implemented a public key infrastructure (PKI) using digital certificates to identify and authenticate applications that access the system. Because digital certificates facilitate the verification of identities between actors in a transaction, it is imperative to protect the authenticity and integrity of the certificate, and thus maintain the trustworthiness of the system.
The certificate authority (CA) is the core component of a PKI and is responsible for establishing a hierarchical chain of trust. CAs issue the digital credentials used to certify the identity of actors. The CA underpins the security of a PKI and therefore can be the focus of sophisticated, targeted attacks. To ensure encryption keys were securely stored, highly available and effectively managed, Yahoo! JAPAN needed physical and logical controls as well as HSMs in place.
HSMs are hardened, tamper-resistant hardware devices that secure cryptographic processes by generating, protecting, and managing keys used for encrypting and decrypting data and creating digital signatures and certificates. After reviewing HSMs from two different vendors, Yahoo! JAPAN decided on Entrust nShield® HSMs to provide the secure and scalable key storage environment.
Entrust nShield HSMs are among the highest-performing, most secure and easy-to-integrate HSM solutions available, facilitating regulatory compliance and delivering the highest levels of data and application security for enterprise, financial, and government organizations. The purpose-built hardware devices are designed to generate, safeguard, and manage cryptographic keys on behalf of applications. The unique nShield Security World key management architecture enforces important separation of duties with dual controls that segregate security functions from administrative responsibilities.
Yahoo! JAPAN chose nShield HSMs because of their industry leadership, reliability, and scalability, the number of applicable use cases, and the experience of the Entrust technical team. nShield HSMs were deployed across two geographically separate data centers, located in eastern and western Japan.
The introduction of Entrust nShield HSMs has been a significant contribution to increasing the security of Yahoo! JAPAN’s authentication platform.
Senior Manager
Security Engineering Department, Yahoo! JAPAN
Secure, Scalable Key Storage
All the nShield HSMs run under the same nShield Security World, which enables load balancing and failover between the HSMs. So, in the unlikely case that one of the HSMs should fail, the others immediately pick up the slack. And, even if one data center was to go down, the HSMs in the other data center would be able to respond to demand.
As its nShield HSMs run in physically secure, lights-out data centers in locations far from the IT staff who manage them, Yahoo! JAPAN also installed nShield Remote Administration. nShield Remote Administration lets the IT staff manage the HSMs – including adding applications, upgrading firmware, and checking status – from wherever and whenever they choose. This means less travel to data centers, helping cut maintenance and travel costs and optimizing resources.
The Senior Manager of the Security Engineering Department, Yahoo! JAPAN, adds: “The introduction of Entrust nShield HSMs has been a significant contribution to increasing the security of Yahoo! JAPAN’s authentication platform. We were impressed with how easy they were to install and operate and are very satisfied with their performance, functionality, and Entrust technical support.”
Related Products & Services
Entrust nShield HSMs
FIPS-certified, tamper-resistant devices for secure cryptographic processing, key generation and protection, encryption, key management, and more.
Entrust nShield Remote Administration
Create a secure connection between your remote HSM and your local remote administration cards and trusted verification devices.
nShield Security World Architecture
nShield Security World supports Entrust nShield HSMs by creating a unique, flexible key management environment.
Related Resources
Fill out the form to have one of our experts contact you to discuss how nShield HSMs can enable your digital security use cases.