The hardware security modules (HSMs) used by the financial services sector are expensive to acquire, operate and maintain. There are various standards for the level of security provided by HSMs with FIPS 140-2 being the most widely accepted. This standard ranges from level 1 to 4 with 4 being the most secure.
HSMs are widely seen as being superior to their software counterparts as they allow for tamper protection, including tamper evidence, resistance, and response. HSMs can be deployed for any application that uses digital encryption keys. These keys are usually of high value, as they protect important and confidential information. Providing secure key storage, full audit and log traces, and encryption checks on PIN blocks for transactions are just some of the uses for HSMs.
The main problem with banking HSMs is the interoperability issues surrounding HSM application programming interfaces (APIs) and applications, which cause inefficient usage of capacity. For example, an application that needs one HSM also requires an additional one for backup, while development and testing require a minimum of one HSM each. As a result, an application that requires only one HSM at peak usage may actually take up a minimum of four HSMs, with huge additional costs attached to each application. This means that many HSMs are on average only utilized to 25% or less of their capacity.
Proprietary interfaces provided by the HSM vendors are part of the reason for this problem, as they make it almost impossible for applications to be shared across HSMs. These interfaces also make it difficult to integrate new and existing applications, resulting in long delays in projects requiring crypto. Once an application is using a certain HSM, many users find it difficult to switch vendors due to the high cost and technicalities of integrating with the new APIs and programming languages. Manual processes such as key ceremonies, algorithm implementation and policy updates create inefficient workflows and add further to the inflated costs.
To avoid the high cost of acquiring and maintaining HSMs, as well as inefficient workflows and vendor tie-in, a strategic solution would involve:
– Bridging applications with HSMs to enable full utilization of HSM capacity and a reduction of the HSM estate by more than 50%.
– A standards-based API that provides full compatibility between HSM brands to avoid vendor tie-in and shorten lead times for new projects.