Why can’t HSM and key management be provided to you as a managed service? Or can they?

For historical reasons and because of technological barriers, traditional HSM and key management could not, and still cannot, be delivered as a managed service. That has been the case for the last 25 years.

But what if they could be delivered as a secure, easy and simple-to-consume managed service? Would you consider it? If you would, this post is for you.

The Problem

Enterprises, large and small, require encryption services, and the needs are increasing fast:

  • Migration to the cloud accelerates the need: data stored on public clouds must be encrypted at all times (no need to mention ad nauseam the daily data breaches). So must the data in motion that moves from the cloud to the users and back to the cloud.

The Gap

Presently, most enterprises have neither the in-house skill sets nor, in many cases, the required budget to engage with encryption, key management and HSM. On the face of it, this is a classic scenario calling for the introduction of managed services (MSP and MSSP), as was the case with network security in the past.

But existing and legacy HSM and key management solutions were not designed to be delivered as a service, let alone as a managed service. And, adding to the conundrum: how can one trust a third party to manage its most sensitive data?

Looking at it with a clean slate: what should managed HSM and key management look like if they were to be delivered as a managed service?

  • First and foremost, the HSM should be able to be delivered as a service. And, to simplify things, the HSM and the key management should be one integrated solution. This means a technology and a solution designed from the ground up to be delivered as a service.

The Solution

So, there you have it, the blueprint of HSM and key management for this day and age, which can easily and securely be delivered as a managed service. Only, such a solution already exists, today: Fortanix Self-Defending Key Management Service™ (SDKMS).

Fortanix SDKMS

SDKMS is the world’s first commercial product using Intel SGX technology and allows customers to enjoy a cloud-scalable, integrated HSM and key management solution which is also FIPS 140-2 Level 3 certified:

  • Offered as a multi-tenanted SaaS service, single-tenant or on-premises (self-hosted service).

Originally published on https://www.fortanix.com/blog/2018/04/why-cant-hsm-and-key-management-be-provided-as-a-managed-service/

Fortanix™ has created the world’s first runtime encryption solution. Enterprises get provable, portable, and preventive security for their applications!