I’m not really one for bucket lists. However, if I did have one, fairly near the top would be to visit the island of St Kilda. Many of you won’t have heard of it. It’s the western-most island of the Outer Hebrides, part of the British Isles, and located 40 miles out from its nearest neighbouring island, right on the north-west tip of Scotland – and the last land you’ll see before arriving in America. It’s remote! St Kilda is a clutch of tiny rugged splinters of rock protruding from the depths of the Atlantic Ocean. For centuries St Kilda was populated by a few hundred hardy people who managed to carve out an existence without basic amenities and very limited communication with the outside world.
The islanders were very much at the mercy of the weather and would be frequently cut off from the outside world for months on end. During these times they would resort to putting their mail for the mainland into a small wooden box, attached by rope to a buoy formed from an inflated sheep’s stomach. The contraption was affectionately known as the St Kilda mail boat. They’d toss the box into the swell of the Atlantic Ocean hoping it would travel the 40 miles to the nearest neighbouring island or be intercepted by a passing boat! Sometimes the mail found its way to its intended destination, although frequently mail would turn up in Iceland or Norway!
That was remote communication in the last century, but what does remote communication mean for us today? In a world where enterprises are embracing cloud-first strategies and with deployments in geographically dispersed data centers?
Most security conscious organizations today deploy hardware security modules (HSMs) to protect their business critical information and applications. HSMs protect the cryptographic keys that protect that data, and the keys are often regarded as the crown jewels of an organization. But HSMs are often deployed in distant lights out data centers, far away from an organization’s HQ.
By their very nature HSMs are designed to be resilient and have limited options for facilitating remote communications. Perhaps not the same level of remoteness as the inhabitants of St Kilda, but it does present a number of challenges for customers should the HSM require maintenance, administration or monitoring. To solve this problem Entrust provides a range of solutions:
- Remote Administration allows a quorum of HSM administrators to present their authorization tokens remotely, thereby avoiding the burden of travelling to the data center. The underlying technology is pretty impressive, underpinned by an AES 256bit strength secure channel. Although I must confess, as product manager for this product at the time it was developed, some might say I would say that!
- The latest version of our flagship nShield Connect XC offers a serial console which makes for a simple installation experience, allowing all operations normally requiring physical presence at the HSM (such as network settings), to be configured and re-assigned remotely.
- nShield Monitor collects and collates SNMP data streams from all the individual HSMs to provide a single consolidated dashboard allowing you to monitor the health and utilization of your HSM environment, helping you optimize operations and increase uptime.
- nShield as a Service is Entrust’s cloud-based HSM solution for customers who want the flexibility of a subscription-based model for consuming cryptographic services they need. Available either as a self-managed or fully-managed service, the solution allows you to have complete control of your keys irrespective of which cloud service provider you choose, supporting both multi-cloud and hybrid cloud models. It’s the ultimate manifestation of a remote solution.
So I’ve discussed 21st century solutions to solve the issue of remote access to HSMs. Now some of you may be wondering what happened to the inhabitants of St Kilda. By 1930 the remaining 36 islanders had had enough of their spartan, rugged existence and left the island never to return. Today St Kilda is a World Heritage site, has a small military presence and occasional sight-seeing trips are possible, weather permitting of course!
Here’s hoping I’ll get to see it some day!