How To Overcome HSM Cost Objections

By Peter DiToro, Vice President of Customer Services, Thales e-Security

Cryptographic keys truly could be called the keys to an organization’s digital kingdom and that’s why they must be protected, both at rest and in use. Hardware security modules (HSMs) were created to do just that. HSMs act as both a locked box and a secure management platform for cryptographic keys — because the fact is, however powerful and flexible a crypto system may be a breach of cryptographic keys destroys its integrity. Consequently, HSMs have become the default foundation of security for any modern crypto system.

The drawback here for VARs is that HSMs are costly. In addition, the niche and often arcane world of crypto is not well understood within the broader IT community. As cryptographic applications have surged into the mainstream it can be tempting to cut corners, to deploy sensitive cryptographic operations without sufficient protection. Until the recent explosion in crypto deployments and the ensuing surge in highly public breaches, little thought was given to securing the foundational aspects of key generation, key management, and protection of core crypto applications.

Then came the Internet of Things (IoT).

A smartphone, for instance, has to have an identity. It stores encryption keys and digital certificates. It can easily become a proxy for its owner’s identity in Internet transactions. Suddenly, we find ourselves transacting with countless things on the Internet and HSMs, the means by which trustworthy digital identities are secured, have become more pertinent. The risk of brand and identity damage caused by exploitation of a weak crypto system dwarfs the cost of HSM deployment. Shortcuts no longer make sense.

Any IoT-capable device must have an identity, most likely based on digital certificates issued by a Public Key Infrastructure (PKI). When an autonomous entity on the Internet, from a help bot at a major retailer to a smart refrigerator, presents its credential and asserts an identity and associated trust level, users want to be able to rely on it. This means, as a first principal, the cryptographic materials underpinning that identity cannot be forged or stolen.

Thousands of device manufacturers are creating digital certificates and keys for IoT devices. Suddenly, the idea that one’s keys and PKI could get compromised and millions of devices could be put in jeopardy hits home. The scope of the business problem rises from an interesting niche problem set to one with existential implications for modern e-Commerce.

Cautionary Tales

Consider the Heartbleed bug. It was a serious vulnerability in the popular OpenSSL cryptographic software library. Heartbleed acts like a guided missile looking for SSL keys. Once a hacker exfiltrates a copy of those keys, he or she can act as a man in the middle. But Heartbleed was a memory scraper; it works only if the organization is doing its crypto on the server, with the keys in plain text in memory. However, if the organization is securing its SSL keys within an HSM, Heartbleed can’t see them.

Stuxnet is another example. The Stuxnet authors stole code-signing certificates and their associated private keys from a pair of hapless Taiwanese component manufacturers. This enabled the Worm to replicate itself across servers using stolen code signing keys to mask its origin and intent. If those code signing keys had been maintained and used within an HSM, Stuxnet would have happened to someone else.

5 Best Practices To Keep Data Safe

For cryptography to be successful, it must have high-integrity key management systems and practices to undergird it. For example, if the root key of a PKI is compromised, the entire system collapses. Advise buyers to follow these simple best practices.

• Define what data is critical and then locate it: in order to encrypt your data effectively, you have to know where it is, which means you have to begin the process of data categorization.
• Encrypt your critical data: with this new breed of sophisticated and well-organized cyber criminals, it’s too risky to leave data in the clear during any phase of its lifecycle.
• Opt against software-based crypto: determine that crypto keys will only be used within the parameters of an HSM.
• Make use of an HSM: when deploying cryptographic technology, HSMs provide a hardened, secure root of trust to enable a higher degree of security.
• Train your people: invest in your people and in the basics building blocks of cryptographic technology. You’ll increase the probability of a secure deployment and scare off the majority of attackers.

Once seen as a pricy extra for giant enterprises, HSMs are enjoying a renaissance of sorts due to the Internet of Things. As a trusted industry resource, VARs can help their customers see that expense becomes relative when weighed against what an organization stands to lose if the keys to its kingdom are compromised. HSMs offer the hardened, secure root of trust that organizations need — particularly if they must issue and manage a high volume of cryptographic keys.