nCipher Security Blog

Hardware Security Modules for more than UK Government PKI

John Grimm | Vice President of Strategy and Business Development More About This Author >

Our recent blog (UK Government PKI) reflected on enterprise cryptographic products being used successfully to protect UK Government IT Systems, with a particular focus on public key infrastructures. Indeed, the application of hardware security modules (HSMs) to protect keys in a certified hardware environment is now broadening to support the demand for higher assurance security in other areas of IT.

For example, cloud service providers are now embedding HSMs into their data centres to allow organisations to take advantage of the savings offered by cloud services whilst still having control over the keys used to protect their data ( Bring Your Own Keys).

Organisations are also looking at using the cloud for hosting virtual machines and data storage. There are now packages which support the use of on premise HSMs to encrypt and control access to data stored in the cloud; once again putting the owners of the data in control of the access to, and the protection of, that stored information. Such packages even support the automatic and transparent transition from un-encrypted to fully-encrypted data, providing a fast path to meeting some of today’s data protection requirements.

Encryption isn’t the only technology supported by these HSMs. There are occasions where your applications need to handle and process the protected data. Like the original data, the protected data needs to adhere to a particular format. Tokenisation (commonly used with credit card details) and format preserving encryption are two techniques which are prevalent in this area.

So investments in today’s HSMs can allow you to manage your keys across a wider area of data protection requirements, not just PKI. Depending on how you use them, they can be agnostic of the service provider, allowing you to change to the most competitive service offering without having to re-invest in new crypto technology.

We are investing in research and development to help mature candidate technologies in this area. Our trust programme delivers solutions to meet the evolving requirements of customers with secure key management, connectivity, Gateway solutions and advanced cryptographic technologies.

As part of its trust innovation programme, we are strategically investing in:

  • Adapting our commercial enterprise cryptographic capabilities for government and critical national infrastructure
  • Developing next generation hardware security module technologies
  • Delivering a flexible digital trust infrastructure
  • Conducting advanced research into secure mobile remote access solutions