In a scene from the 1980s hit movie Back to the Future, Marty (played by Michael J. Fox) does a rock guitar rendition at his parents 1950s high school dance. Leaving the crowd puzzled, he closes by saying, “you might not be ready for this yet, but your kids are going to love it.” As we look back at the evolution of hardware security modules (HSMs), innovative features have come as a result of changing security needs, and some have taken time to be widely adopted. Since their inception, HSMs have underpinned many of the technologies we now take for granted, and as they continue to evolve, they will undoubtedly play a key role in protecting the new technologies that we will depend on in the future.
This blog post examines how processing speed, robust security, the ability to securely run applications, deployment options, and support for strong quantum-resistant algorithms will continue to make on-premises and cloud-based HSMs indispensable components of enterprise cybersecurity strategies for generations to come.
A look back
On-premises HSMs have been around for decades, providing a root of trust to protect and manage underpinning cryptographic keys used for encryption and signing processes. They have often been perceived as mysterious devices sitting in back offices and data centers, working behind the scenes to protect everything from sensitive data to software downloads. HSMs have evolved over the years to meet the changing needs of the security landscape; most notably their design has addressed scalability, tamper protection, and ease of use and integration with the applications they support. Tamper-proofing has enabled HSMs to detect attempts to physically access or modify them, making it virtually impossible for attackers to get to the sensitive keys they store. Other aspects of their evolution have included performance improvements and support for new symmetric and asymmetric algorithms to stay up to the latest standards.
As the need for stronger cryptographic security grew, HSMs became more sophisticated, adding feature capabilities such as on-board secure execution that enabled complete sensitive applications to run inside their protected certified boundary. With the recent migration to cloud-based deployments, the traditional on-premises HSM model has also been transformed. Cloud-based HSM-as-a-service models are now available, offering enterprise customers the ability to consume cryptographic services without having to own and maintain the physical HSMs.
Today’s environment
A fast-paced digital environment requires organizations to process data quickly and securely. High-performance, crypto-agile HSMs provide rapid processing speeds and support for multiple hashing mechanisms and encryption algorithms. Today’s HSMs can also be configured to support custom algorithms, making them versatile for enterprises that require high levels of security and flexibility. As the need for data security continues to grow, the importance of high performance and cryptographic agility will continue to increase, making HSMs a valuable investment for enterprises that need to keep up with the latest security standards.
Modern HSMs also increasingly find themselves in use cases beyond traditional cryptography. These include securing more advanced applications such as blockchain, secure storage for sensitive data in cloud computing environments, and 5G cellular communications where security has been stepped up due to known vulnerabilities and potential man-in-the-middle attacks. With the rollout of 5G networks, hybrid symmetric/asymmetric algorithms, designed to validate user identity and to protect against unauthorized access, authenticate exponentially growing number of subscribers and devices. Running these algorithms within the tamper-resistant environment of an HSM has become critical for the security of these rollouts. Typically offered as certified devices, HSMs have also evolved to meet the changing needs for compliance to regulatory requirements.
The quantum threat
The increasing prevalence of quantum computing poses a new threat to the security provided by HSMs. Quantum computers have the potential to break many of the cryptographic algorithms (specifically asymmetric algorithms including elliptic curves) that are commonly used to secure data today. Because quantum computers can solve problems that had been considered intractable for classical computers, such as factoring large integers and solving discrete logarithm problems, the need to ensure that HSMs are ready for a post-quantum world is increasingly top of mind for many organizations.
To address this threat, new algorithms that are resistant to attacks from quantum computers are already in development under the leadership of the U.S. National Institute of Standards and Technology (NIST).
Way forward
In Back to the Future, the crowd at the dance was not yet ready for the future, but Marty was already ahead of the times. Having a unique perspective can make all the difference when it comes to preparing for evolving challenges. Today, organizations need to make the most of new revolutionary technologies such as cloud, blockchain, and others, while ensuring that their sensitive data stays safe and secure.
With the right security strategy and solutions, organizations can chart a secure future that addresses the performance, certifications, and cryptographic agility needs for today and tomorrow. The newly launched Entrust nShield 5 builds on the proven nShield HSM capabilities to provide enhanced performance, compliance with the latest Federal Information Processing Standard (FIPS 140-3 certification expected Dec ’23) cryptographic robustness requirements, secure execution, and support for the new NIST-shortlisted quantum-resistant algorithms.
To learn more about nShield 5 and how it can change your future, visit our new product page here.
