Why Encryption Key Management? HSM as a Service for Financial Services

Barry Smith

Three significant benefits of ever-improving computing and communications resources are the wealth of financial information available to consumers, the diversity of financial services and the ease of completing transactions.

Whether you’re at your desktop or on a mobile device, you can research and conduct financial transactions that years ago would have required a visit to a bank, a call to a brokerage, a check to be cashed or a lengthy, paper-driven application process for a loan.

Cloud technologies play a significant role in facilitating the global distribution and interconnection that make financial services easy to access. The cloud lets a financial services firm quickly expand its coverage to a new geography, optimize processing and data management for that location and remotely monitor performance without the need for significant capital investment.

One of the continuing challenges for data-intensive organizations like those in the financial services sector is data security. In response, enterprise spending on data security continues to grow. According to IDC’s Worldwide Semiannual Security Spending Guide, 2019 expenditures for security solutions are forecast to reach $103.1 billion. Several factors make data security management all the more challenging for financial services organizations.

  • The frequency of data breaches, phishing schemes and DDoS attacks perpetrated by rogue governments and nefarious entities, which cause financial damage and reputational harm.
  • Data security regulations like GDPR that dictate how data is acquired, where it resides and how it is processed. Failure to comply can result in significant fines or sanctions.
  • Multicloud environments required to support a variety of applications and provide services to widely distributed locations. According to the 2019 RightScale State of the Cloud report, 84% of enterprises responding have a multicloud strategy, with the average enterprise using four or more different cloud environments.
  • A widening range of “alt-data” sources used to garner new intelligence, including identifying relationships via social channels, location mapping via GPS or satellite, technology usage or “intent” intelligence. These open up new channels and new risks that need to be secured.

Managing large amounts of data subject to the regulations of the country where it resides requires data security methods designed for today’s cloud environments. For decades, financial services organizations have relied on hardware security modules deployed in their own data centers.

With the adoption of cloud technologies by banks, credit unions, insurance companies and a growing number of revolutionary fintech startups, those physical modules are rapidly being replaced by HSM as a Service for financial services organizations.

HSM as a Service for Financial Services Organizations

HSM as a Service provides centralized encryption key management capabilities equivalent to hardware security modules, supporting the full key life cycle: generation, storage, management, rotation and destruction. It meets the needs of financial services organizations that need to protect data regardless of location or cloud environment, whether private, public or hybrid. In comparison to HSM devices, HSM as a Service offers several compelling advantages:

  • On-demand availability: Unlike HSMs that can have protracted procurement and implementation cycles, HSM as a Service is available on-demand. Running as a service on high-performance servers, it eliminates the need for purpose-built hardware devices.
  • Easy scalability: As data and processing demands grow, HSM as a Service easily scales to meet the needs.
  • Cloud-neutral: Supports centralized encryption key management for leading cloud environments like Alibaba, AWS, Azure, Google, IBM and Oracle.
  • Cloud-friendly development tools: An SDK supporting RESTful APIs, PKCS#11, CNG, JCE and KMIP interfaces that can be used to complement Open Bank Projects or fintech ecosystem partnership initiatives.
  • Simplified provision and control: Deploy keys where needed, at the digital edge, in close proximity to data to reduce latency, improve security and support new financial services made available by 5G network rollouts.
  • Added security: Maintains encryption keys in an entity separate from encrypted data. If a cloud data repository is breached, the encrypted data contained therein remains meaningless ciphertext.

HSM as a Service offers centralized management of encryption keys, rapid deployment and scalability, and the flexibility to place encryption key management services in locations that optimize data security and processing performance.

Security, Connectivity and Performance for Financial Services Ecosystems

HSM as a Service is available as SmartKey™ from Equinix and is hosted on Platform Equinix®, the world’s largest global platform of interconnected data centers and business ecosystems. With 200 data centers in 52 major metropolitan locations across 24 countries, Platform Equinix hosts more than 1,800 network and 2,900 cloud and IT service providers.

Platform Equinix runs Equinix Cloud Exchange Fabric™ (ECX Fabric™) to orchestrate the software-defined connections. ECX Fabric enables financial services organizations to directly and dynamically connect distributed infrastructure and digital ecosystems globally. To further enhance network performance and data security, ECX Fabric also supports high-speed private connections that bypass the internet.

HSM as a Service for Multicloud Environments

As cloud technologies, 5G networks and innovative fintech startups bring an increasingly wide range of products and services to global consumers, encryption key management continues to provide the essential defense against data breaches and illegitimate usage of private data and intellectual property.

Considering the growing sophistication and frequency of threats, the pressure of compliance and the need to optimally locate encryption key services in multicloud environments, financial services organizations need to include HSM as a Service as a keystone of their data security strategy.

Barry Smith, Director of Market Development, Global Vertical Marketing Strategy