Today's enterprises have a lot to worry about when it comes to maintaining their encryption environments. For instance, organizations need to make sure their cryptographic systems have enough available CPU to perform encryption and hashing, among other cryptographic operations. They must also make sure they can store their encryption keys in a secure manner.
Some enterprises develop their own homegrown solutions to address these challenges, but they risk making a mistake and exposing their encryption assets in the process. As a result, many organizations instead turn to what are known as HSMs.
Short for hardware security modules, HSMsare physical devices that attach to a PC or server. Their purpose is to perform cryptographic operations to ensure secure key management. Enterprises can use HSMs to fulfill this latter objective by generating, backing up and storing all their keys on these hardened, tamper-resistant devices. Doing so will prevent the keys from ever leaving the cryptographic environment, thereby shielding them from data thieves.
Robust key management is just one of the benefits of using an HSM. As opposed to custom solutions, these devices are built on top of specialized software that's been tested and certified in designated laboratories. Peter Smirnoff wrote for Cryptomathicthat HSMs also come equipped with a security-minded operating system and limited accessibility through a network interface.
For all their advantages, HSMs aren't without their drawbacks. For example, Jim Attridge noted in a paper for the SANS Institute's Infosec Reading Room that these devices can be rather expensive, depending on their level of functionality and security. Attridge further observed that many vendors fail to disclose specifics about their HSM solutions and that updating these devices can prove to be difficult.
These challenges have not diminished the importance of HSMs for security professionals, however. According to its 2018 Global Encryption Trends Study, Thales found that a majority (57 percent) of IT and security practitioners worldwide in 2017 considered HSMs to be important or very important to their encryption or key management program or activities. 2017 marked the fifth consecutive year where the percentage of survey respondents who recognize the importance of HSMs grew. It also marked the fifth year in a row where the global deployment rate of HSMs increased, with 2017 peaking at an all-time high of 41 percent among respondents.
Some countries were more enthusiastic about the value of HSMs than were others. Germany, India, the United States and Japan were particularly excited at 71 percent, 65 percent, 64 percent and 63 percent, respectively. By consequence, the survey found that the enterprises in Germany, the United States and Japan were more likely to deploy HSMs than those in other countries.
In terms of deploying HSMs, enterprises had many reasons for doing so. The greatest percentage of organizations cited SSL/TLS at 43 percent. They were followed by application-level encryption and database encryption at 41 percent and 37 percent, respectively.
Respondents' justifications for planning to deploy HSMs within the next 12 months weren't all that different. The percentage of organizations that cited these factors did vary somewhat, however. Half of survey participants said they planned to facilitate SSL/TLS with their device. 40 percent said application-level encryption was the reason behind their choice, whereas 44 percent intended to use their HSM solution for database encryption.
Thales recognizes the importance of HSMs and other solutions that help safeguard enterprises' encryption environments. That's why it conducts its Global Encryption Trends Survey every year. It's also why it's partnered with Venafi, a co-sponsor of Thales' annual study, to help organizations protect their encryption keys and other sensitive data.
Venafi makes it easy to automate private key lifecycle management. This helps organizations enforce strict policy control, achieve compliance and avoid the risks associated with storing keys in files. Venafi Advanced Key Protect works with leading HSM providers to simplify the process of generating and storing keys securely—the keys never leave the HSM.