
What is a Credentials Management System?

Organizations require user credentials to control access to sensitive data. Deploying a sound credential management system—or several credential management systems—is critical to secure all systems and information. Authorities must be able to create and revoke credentials as customers and employees come and go or change roles, and as business processes and policies evolve. Furthermore, the rise of privacy regulations and other security mandates increases the need for organizations to demonstrate the ability to validate the identity of online consumers and internal privileged users.

Challenges Associated with Credential Management

  • Attackers who gain control of your credential management system can issue credentials that make them an insider, potentially with privileges to compromise systems undetected.
  • Compromised credential management processes result in the need to re-issue credentials, which can be an expensive and time-consuming process.
  • Credential validation rates can vary enormously and can easily outpace the performance characteristics of a credential management system, jeopardizing business continuity.
  • Business application owners’ expectations around security and trust models are rising and can expose credential management as a weak link that may jeopardize compliance claims.

Hardware Security Modules (HSMs)

Hardware Security Modules (HSMs) are hardened, tamper-resistant hardware devices that strengthen encryption practices by generating keys, encrypting and decrypting data, and creating and verifying digital signatures. Some HSMs are certified at various FIPS 140-2 levels.

While it’s possible to deploy a credential management platform in a purely software-based system, this approach is inherently less secure. Token signing and encryption keys handled outside the cryptographic boundary of a certified HSM are significantly more vulnerable to attacks that could compromise the token signing and distribution process. HSMs are the only proven and auditable way to secure valuable cryptographic material and deliver FIPS-approved hardware protection.

HSMs enable your enterprise to:

  • Secure token signing keys within carefully designed cryptographic boundaries, employing robust access control mechanisms with enforced separation of duties in order to ensure that keys are only used by authorized entities
  • Ensure availability by using sophisticated key management, storage and redundancy features
  • Deliver high performance to support increasingly demanding enterprise requirements for access to resources from different devices and locations
