Skip to main content
banner image
venafi logo

What are Hardware Security Modules? And Why Are They Important to Your Organization?

What are Hardware Security Modules? And Why Are They Important to Your Organization?

Hardware Security Module
June 26, 2018 | David Bisson

Today's enterprises have a lot to worry about when it comes to maintaining their encryption environments. For instance, organizations need to make sure their cryptographic systems have enough available CPU to perform encryption and hashing, among other cryptographic operations. They must also make sure they can store their encryption keys in a secure manner.

Some enterprises develop their own homegrown solutions to address these challenges, but they risk making a mistake and exposing their encryption assets in the process. As a result, many organizations instead turn to what are known as HSMs.

Short for hardware security modules, HSMs are physical devices that attach to a PC or server. Their purpose is to perform cryptographic operations to ensure secure key management. Enterprises can use HSMs to fulfill this latter objective by generating, backing up and storing all their keys on these hardened, tamper-resistant devices. Doing so will prevent the keys from ever leaving the cryptographic environment, thereby shielding them from data thieves.

Robust key management is just one of the benefits of using an HSM. As opposed to custom solutions, these devices are built on top of specialized software that's been tested and certified in designated laboratories. Peter Smirnoff wrote for Cryptomathic that HSMs also come equipped with a security-minded operating system and limited accessibility through a network interface.

How much do you know about Machine Identity Protection? Find out. 

For all their advantages, HSMs aren't without their drawbacks. For example, Jim Attridge noted in a paper for the SANS Institute's Infosec Reading Room that these devices can be rather expensive, depending on their level of functionality and security. Attridge further observed that many vendors fail to disclose specifics about their HSM solutions and that updating these devices can prove to be difficult.

These challenges have not diminished the importance of HSMs for security professionals, however. According to its 2018 Global Encryption Trends Study, Thales found that a majority (57 percent) of IT and security practitioners worldwide in 2017 considered HSMs to be important or very important to their encryption or key management program or activities. 2017 marked the fifth consecutive year where the percentage of survey respondents who recognize the importance of HSMs grew. It also marked the fifth year in a row where the global deployment rate of HSMs increased, with 2017 peaking at an all-time high of 41 percent among respondents.

Some countries were more enthusiastic about the value of HSMs than were others. Germany, India, the United States and Japan were particularly excited at 71 percent, 65 percent, 64 percent and 63 percent, respectively. By consequence, the survey found that the enterprises in Germany, the United States and Japan were more likely to deploy HSMs than those in other countries.

In terms of deploying HSMs, enterprises had many reasons for doing so. The greatest percentage of organizations cited SSL/TLS at 43 percent. They were followed by application-level encryption and database encryption at 41 percent and 37 percent, respectively.

Respondents' justifications for planning to deploy HSMs within the next 12 months weren't all that different. The percentage of organizations that cited these factors did vary somewhat, however. Half of survey participants said they planned to facilitate SSL/TLS with their device. 40 percent said application-level encryption was the reason behind their choice, whereas 44 percent intended to use their HSM solution for database encryption.

Thales recognizes the importance of HSMs and other solutions that help safeguard enterprises' encryption environments. That's why it conducts its Global Encryption Trends Survey every year. It's also why it's partnered with Venafi, a co-sponsor of Thales' annual study, to help organizations protect their encryption keys and other sensitive data.

Venafi makes it easy to automate private key lifecycle management. This helps organizations enforce strict policy control, achieve compliance and avoid the risks associated with storing keys in files. Venafi Advanced Key Protect works with leading HSM providers to simplify the process of generating and storing keys securely—the keys never leave the HSM.

Learn more about how Venafi Advanced Key Protect can help you get more value out of your HSM.

Learn more about machine identity protection. Explore now. 


Related posts

Like this blog? We think you will love this.
image representing big data
Featured Blog

Was ist homomorphe Verschlüsselung, und wie wird sie verwendet?

Was ist homomorphe Verschlüsselung? Zweck der

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

TLS Machine Identity Management for Dummies

TLS Machine Identity Management for Dummies

Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

About the author

David Bisson
David Bisson

David is a Contributing Editor at IBM Security Intelligence.David Bisson is a security journalist who works as Contributing Editor for IBM's Security Intelligence, Associate Editor for Tripwire and Contributing Writer for Gemalto, Venafi, Zix, Bora Design and others.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud

Venafi Cloud manages and protects certificates

* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
* Please fill in this field
* Please fill in this field
* Please fill in this field

End User License Agreement needs to be viewed and accepted

Already have an account? Login Here

get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more