Security Modules (HSMs), and Key Management
The Keys to Building a Platform of Trust in Cryptography
Key business drivers of encryption
Organizations worldwide are turning to encryption to safeguard business-critical applications and sensitive information against inadvertent data loss or breaches from malicious attacks. The other main driver is compliance with worldwide data protection regulations and standards. Under GDPR, data encryption is strongly encouraged and the Payment Card Industry Data Security Standard (PCI DSS) requires merchants to encrypt customers’ payment card data when it is both stored at rest and transmitted across public networks.
Hardware trust anchors
HSMs provide the highest standard of security and compliance. As self-contained appliances, they provide a trusted platform and security perimeter to perform cryptographic operations, digital signing, and key life-cycle management. The HSM architecture is well proven and effective at defending against a wide range of logical and physical attacks. HSMs can help to meet compliance mandates requiring that keys and crypto operations be performed within a hardware environment.
General-purpose (GP) HSMs support key management functions for encryption as well as strong authentication for nonpayment transactions, and are used in a variety of use cases where strong security and scalability are required to support high-speed cryptographic processing.
Payment industry trends
The payment industry is undergoing rapid change, and emerging technologies are putting digital payments at the forefront of this transformation. Driven by COVID-19, consumers are changing their payment behavior, moving away from cash toward contactless cards, mobile payment apps, and digital wallets. With the continued global trend toward e-commerce and m-commerce, merchants are embracing alternative payment methods to meet the payment preferences of their customers.
Top HSM attributes
In the survey, the most important criteria for selecting an HSM solution are quality and reliability, high cryptography performance, and reputation of the product/vendor. CISOs and security architects cited peer reviews, trusted recommendations from consultants/system integrators, and working experience with vendors as being influential in their HSM selection. In Europe and North America, a strong emphasis is put on the ability to customize firmware and on ease of use for the developer or administrator.
Encryption key management
While organizations are committed to implementing encryption, they still struggle with operationalizing encryption key management. Key management is a challenge that grows with the size and complexity of the enterprise environment. Managing, tracking, and updating a growing number of keys across a distributed network typically requires increased management effort and handling cost. Lack of skilled staff, fragmented cryptographic operations, and poorly maintained encryption compound the complexity and breach potential. As scale increases, the case for automation becomes overwhelming.
Key attributes and features
Meeting compliance and security concerns ranked highest when selecting a key management service (KMS), with 41% placing a high importance on support for FIPS 140-2 Level 3 or higher validated cryptographic modules. FIPS validation ranked particularly high in financial and government use cases.
HSM as a service combines the security of on-premises HSMs with the convenience, ease of use, and self-service of the cloud. For optimum efficiency, encryption keys are provisioned at the digital edge to reduce latency, but the keys remain separate from encrypted data to provide an added level of defense against data breaches. To accommodate the disparate cloud services, HSM as a service can protect data in hybrid or multicloud environments.
The quantum computing threat
The computing power required to break today’s crypto algorithms is incredibly high. With the advances in quantum computing, however, common public key cryptography algorithms, including RSA and Diffie-Hellman, will become ineffective over the coming 10 years. The scale of the potential threat is great to both traditional IT environments and IoT ecosystems.
International Data Corporation (IDC) is the premier global provider of market intelligence, advisory services, and events for the information technology, telecommunications, and consumer technology markets. IDC helps IT professionals, business executives, and the investment community to make fact-based technology decisions and to achieve their key business objectives. For additional information on IDC, please visit https://www.idc.com.