nCipher Security Blog

The Need for Portable Key Management

When nShield Connect was launched as a network-attached hardware security module (HSM), it eliminated the need to embed a dedicated HSM (via an internal PCI slot) into every server that needed its keys protected.

This meant that a single HSM could be shared by many servers, reducing deployment cost and centralizing management operations. This is ideal in datacenter settings where business applications often run on a pool of multiple servers (as in a server farm).

Fast forward to today: enterprises strive for increased agility and efficiency, and as a result many operational and administrative tasks associated with these security systems are performed at remote locations, even from home offices or on the road from hotels. As security systems themselves increasingly rely on cryptography, for example to ensure customer privacy through data encryption, technologies such as digital signatures and strong authentication are commonly used to administer these systems. The challenge of professionally managing keys and maintaining system-level security is no longer confined to the datacenter.

Outsourced or distributed software development provides another example. Given the intellectual property involved and the risk of malware injection during or after the development process, companies often establish strict methods to ensure the integrity of software releases, with developers and quality assurance (QA) teams required to digitally sign code to attest to the authenticity of the software.

It is unwieldy for QA managers to rely on access to a few trusted machines (ideally containing HSMs) to apply these digital signatures – creating a potential bottleneck when publishing software. The obvious answer is to use smart cards as personal wallets for signing keys. But this is not always the right answer. Smart cards are not HSMs; they may offer sufficient protection for authentication credentials (e.g. for building access) but they typically lack the robust access controls and key recovery capability required for high-value signing keys.

Very often, the multi-faceted security procedures required in many settings, including outsourced software development environments, cannot be supported by smart cards. As an example, some companies might decide that authorization from two separate individuals within the QA process is required to release code for review, and that’s not easy to achieve with isolated smart cards. In these scenarios, a portable HSM is the perfect answer, as it bridges the gap between the portability of a smart card and the security properties of a traditional enterprise-grade HSM.

As encryption and key management become more pervasive across various enterprise processes, a greater variety of HSM form factors is required. Just as we have blade servers, standalone servers, desktops and laptops, we’ll need HSM technologies that can support all these computing environments. Watch this space: you can bet this is something we are working on.