Thales Blog

Why Can’t I Remotely Manage My HSMs Like I Remotely Manage My Servers?

March 29, 2011

It’s not only good security practice, it’s common sense that you don’t want any Tom, Dick or Harry (or Eve or Mallory) to be able to change keys or update software on your Hardware Security Modules (HSMs).

HSMs are at the heart of your payment security, ensuring cryptographic keys are safe and providing a secure cryptographic processing environment. That’s why changes on HSMs require authorisation by two or more people, keys must be split and held by two or more people, and so on - all standard security practices as laid down by ISO 11568, ISO 9564 pt1 and PCI-HSM to name but a few.

And so, to change or add zone keys, roll over local master keys, add applications or update software (to meet PCI-DSS requirement 6 for example), security officers must visit their data centre to manage their HSM. Then of course there is the disaster recovery site, which must also be visited to make the same changes. All of this can add up to a time-consuming and onerous set of tasks. With the merger of banks, increasing globalisation, the consolidation of data centres, and “locked down” secure areas containing HSMs being accessible only at set times of the day (or night), the problem is compounded. Security officers can find themselves regularly travelling to data centres in cities or countries far away from their place of work to manage their HSMs and keep their organisations safe.

But it doesn’t end there. As the major card schemes demand ever tighter controls and audit standards, and as organisations become increasingly globalised, the time and monetary costs of travelling between data centres become significant. One bank I know estimates its travel and personnel costs to manage its HSMs are in excess of $160,000 per year, not taking into account the personal inconvenience.

To overcome these challenges, remote access is definitely the way forward. It enables backup HSMs to be brought into service, or existing ones to be reconfigured, without having to be present at the data centre and have a security officer in attendance. Fortunately, tools that enable remote access to be just as secure as local HSM management are now available. Indeed, this is what many forward-thinking financial institutions have put in place over the last 18 months, and they are now reaping the benefits.