White paper: Next-gen virtual hardware security module (vHSM)
A hardware security module (HSM) is a physical device used by enterprises to secure digital keys. An HSM can generate secret keys and utilise them for cryptographic operations such as encryption and decryption, while protecting the keys against disclosure. Thanks to their physical isolation from external systems, tamper-resistant enclosures, and purpose-built nature, HSMs are considered highly secure and are entrusted to secure authentication, encryption, and digital signing.
Unfortunately, HSMs are only secure in an environment based on servers and on-premises data centres. Between a global move toward work-from-anywhere and an ever-increasing proliferation of Internet of Things (IoT) and Industrial Internet of Things (IIoT) devices, the HSM is a wired technology for a wireless world.
Now, organisations aim to encrypt everything, everywhere, all the time – and HSMs do not fit the bill for enterprise banks or their customers. As business expands globally, with information spreading more quickly to more devices and to and from the cloud, organisations using traditional HSMs are severely limited in their ability to protect and control their sensitive information and cryptographic keys:
- Lack of scalability: Scaling beyond existing HSM capacity requires purchase of new hardware, which can take weeks or months to deploy.
- Limited scope: Organisations adopting public cloud services are bound to the provider’s infrastructure, and have limited ability to use or control HSMs in those environments.
- Lack of agility: Any modification to existing deployed HSMs – to fix vulnerabilities or add new algorithms, for example – is a lengthy and expensive process, in many cases requiring complete hardware replacement.
In finance, it is critical to keep connections secure and safeguard sensitive data being sent between two systems – especially in the context of social engineering. Preventing a malicious adversary from copying certificates from the server and using them to impersonate it is a key priority for financial CISOs today. The two systems in this scenario can be server-client or server-to-server.
Luckily, multiple global banks, Fortune 100 companies, and top-tier financial institutions have opted in to a solution: virtual HSMs.
This free white paper, from noted cryptographer and Unbound’s co-founder/CEO Prof. Yehuda Lindell, explores virtual HSMs at length.
Download now to learn more about:
- What traditional HSMs are, and their advantages and disadvantages in today’s mobile environment.
- Virtualising HSMs via secure multi-party computation (MPC).
- The case for a virtual HSM (vHSM) model for enterprise – technical and business considerations.