The Next Generation
HSM approach delivers unparalleled cost/benefit for organizations
- By Anand Kashyap
- Dec 01, 2018
Hardware Security Modules, or HSMs, protectagainst insider and external threats bydelivering confidentiality for encryption keysin a physically hardened appliance. Theywere initially developed by the military forthe military, then were first leveraged commerciallyin the financial services sector. Now HSMs can beseen in a variety of applications ranging from PKI to codesigning to databases.
Despite their strong security benefits, HSMs designed witholder generation technology present significant hurdles to adoption.First, they are built using proprietary hardware that has ahigh initial acquisition cost. Second, they bring significant complexityand cost of operations. In many cases, the personnel coststo manage and operate these HSMs greatly exceed the appliancecost. The total cost and complexity prove to be prohibitive formany organizations, leading to critical gaps in encryption keymanagement for data protection.
However, newer technologies are available today which canenable organizations to reassess their cost/benefit analysis andimplement stronger security controls with low initial investment.Organizations are finding that next-generation HSM and KeyManagement capabilities offered as a subscription-based approachdeliver powerful data protection and TCO benefits.
In the past, organizations had only the CAPEX model topurchase HSMs. The hardware typically cost at least $20,000 todeploy, $40,000 for high availability, and multiple times more fora typical enterprise deployment. Most cases required additionalcomponents and costs for such features as client-side connectors,partitions, KMIP support, Elliptical Curve algorithms, master keyexport, remote administration, and maintenance. Added up, deploymentcosts for real-world use cases often started at $250,000.This cost scenario left most organizations unable to leverage thepower of HSMs and open to data breaches and insider attacks.
Next-generation HSMs today offer a subscription, or OPEX,model with flat, predictable pricing and a low barrier of entry,providing an attractive cost/benefit scenario that is attainable formost organizations. The leading appliances use commercial offthe-shelf (COTS) servers hardened for NIST FIPS 140-2 level-3,significantly reducing the initial acquisition cost. A HSM-as-aservice(HSMaaS) subscription software license combined withan all-inclusive model offers predictable pricing for current andfuture use cases. Additionally, those next-generation HSMs followinga software-defined design can even accommodate organizationsthat prefer to use their own servers for cost or supplychain efficiency purposes.
The CAPEX model bundles software and hardware togetherand often leads to paying for the software several times.
For example, if an organization, after a few years, needs toupgrade their hardware due to growing demands, they must purchaseanother hardware and software bundle, effectively duplicatingtheir software payment. Next-generation HSMs’ approachenables organizations to purchase new servers or appliances andtransfer the software licenses over, thereby lowering long-term acquisitioncosts. The OPEX model gives organizations the flexibilityto more frequently upgrade to the latest Intel x86 processor, asan example. A higher performance processor means they can domore with less, which lowers overall costs.
- « previous
- 1
- 2
- next »
This article originally appeared in the November/December 2018 issue of Security Today.
Featured
-
Perimeter Security Standards for Multi-Site Businesses
When you run or own a business that has multiple locations, it is important to set clear perimeter security standards. By doing this, it allows you to assess and mitigate any potential threats or risks at each site or location efficiently and effectively. Read Now
-
-
Live from ISC West: Just One Week Left
The time is almost here. ISC West 2024 kicks off next week in Las Vegas. This year’s show will take place April 9-12 at the Venetian Expo in Las Vegas, Nevada. The Campus Security & Life Safety and Security Today staff will be on hand to provide live updates about the security industry’s latest innovations, trends, and products. Whether you’re attending the show or keeping tabs on it from afar, we’ve got you covered. Make sure to follow the Live from ISC West 2024 page for photos, videos, interviews, product demonstrations, announcements, commentary, and more from the heart of the show floor! Read Now
- Industry Events
- ISC West
-
Push the Start Button
Attending ISC West in Las Vegas is an exhilarating experience, blending professional networking with moments of pure enjoyment. Reconnecting with old friends amidst the bustling atmosphere of the convention center infused the event with a sense of familiarity and warmth. Read Now
- Industry Events
- ISC West
-
Mobile IDs, MFA and Sustainability Emerge as Top Trends in New HID Report
HID recently announced its 2024 State of the Security Industry Report, which gathered responses from 2,600 partners, end users, and security and IT personnel worldwide, across a range of job titles and organization sizes representing over 11 industries. Read Now
- Access Control