nCipher Security Blog

The nCipher Security Web Services Option Pack …reasons to be cheerful…1,2,3

Iain Beveridge | product marketing manager, nCipher Security More About This Author >

I had an earworm this morning, Ian Dury and the Blockheads 1979 hit “Reasons to be Cheerful, Part 3.” By coincidence it reached number 3 in the UK charts back then. It might be a somewhat tenuous link but it did get me thinking about nShield customers and why they might have reasons to be cheerful! In the enterprise domain many of our customers want to develop highly scalable applications using modern tools and techniques. Web services is one area where given the proliferation of the internet, web servers, client servers and associated infrastructure are now ubiquitous. For those unfamiliar with the terminology, web services are essentially a set of rules and technologies that enable two or more components (usually servers or appliances) on the web to talk to each other. These components talk to each other using a simple language or protocol called HTTP or HTTPS where the S denotes secure. Many web pages are now delivered by default by Google, Microsoft et al., using HTTPS. Want to see HTTP/HTTPS commands for yourself? Just go to your internet browser, top right pull-down menu, select developer tools, select the network tab and there you go - a stream of HTTP/HTTPS commands are visible handling calls to the site hosting the web service. Every click you make on a browser initiates this traffic.

In addition to web services, another useful concept has been embraced by the IT community. These are called REST or REST APIs where REST stands for REpresentational State Transfer. In brief, REST enforces good behaviour when appliances, network servers, clients and other entities (collectively called resources) interact. Importantly REST uses HTTPS to communicate. State transfer relates to the servers, appliances or resources. It means that the HTTPS payload going from one server to another doesn’t need to have pre-existing knowledge of its destination. The payload contains all the information it needs to be sent to any relevant resource. This is handy because if one resource is busy, the payload can be redirected elsewhere.

So returning to the main topic…reasons to be cheerful. nCipher has launched the latest version of its Web Services Option Pack (WSOP), a plug-in for use with nShield hardware security modules (HSMs) and Security World Software. Customers who want to deploy an HSM in a web services environment should consider the following cheerful reasons to adopt WSOP:

Reason 1: Typically, HSM deployments require proprietary software to be installed on the application server to allow them to communicate with the HSM. The software footprint requirement doesn’t lend itself particularly well to dynamic and highly scalable environments where customers don’t want application servers to be reliant on proprietary code, drivers etc. By embracing web services and REST, WSOP negates the need for an application server software footprint. With WSOP, any number or type of application servers can communicate seamlessly with the HSM using simple HTTP commands.

Reason 2: I mentioned earlier about how the HTTP payload didn’t need to have pre-existing knowledge about its destination. This is useful when it comes to managing a pool of HSMs and distributing the workload evenly. Customers may want to make use of their own off-the-shelf load balancing appliances. These are designed to consume HTTP traffic and are therefore ideal for managing the workload on a pool of back end resources. With WSOP in conjunction with nShield HSMs you can now do that.

Reason 3: Application servers generally communicate with HSMs using APIs such as PKCS#11, MSCAPI and Java JCE. Typically, you require crypto expertise to develop/integrate with these APIs. Customers ideally want something more intuitive, a solution that doesn’t require expert API programming knowledge. By adopting WSOP with your nShield HSM deployment you can generate keys and carry out simple crypto operations such as sign, verify, encrypt and decrypt using the universal HTTP protocol. It’s simple, straight-forward syntax means you won’t need to tie up your crypto experts learning how to program securely with complex APIs.

So back to Ian Dury’s song, Reasons to be Cheerful, Part 3. We’ve found three good reasons to consider deploying nCipher’s Web Services Option Pack in conjunction with an nShield HSM infrastructure!

Download the datasheet to learn more about the nShield Web Services Option Pack and visit our dedicated cloud security landing page here. You can also follow nCipher on Twitter, LinkedIn, and Facebook.