Leo Fender brought the Fender Stratocaster electric guitar to market in 1954. The double-cutaway body sculpted in solid ash wood was a notable departure from the hollow-bodied, acoustic-inspired electric guitars available at the time. After 67 years, most guitarists agree that it is a classic: the Stratocaster has been the go-to instrument for the likes of Buddy Holly, Jimi Hendrix, Dave Gilmour, Ritchie Blackmore, and Nile Rodgers, to name but a few. The design has barely changed over the decades. Leo Fender got it right first time.
The idea of getting it right first time reminded me of our nShield Security World architecture, which supports a key management framework spanning the entire Entrust nShield family of general-purpose Hardware Security Modules (HSMs). This architecture provides a unified administrator and user experience and guaranteed interoperability, whether the customer deploys one or hundreds of devices. It is testimony to the engineering team in our Cambridge, UK center that the architecture hasn’t fundamentally changed since it was developed. It has remained a strong, compelling feature of nShield HSMs that meets the needs of security and operational professionals throughout the world.
So, what sets the Security World architecture apart? One of the key design decisions was to recognize that storing cryptographic keys in the physical memory of the HSM would create future problems in terms of capacity, resilience and scalability. Instead, the nShield design team chose to abstract the cryptographic keys and store the key tokens outside the physical boundary of the HSM device. This removes the risk associated with a single point of failure and ensures you don’t run out of physical storage space for your keys.
Through Security World, customers can easily establish a logical security boundary for managing groups of HSMs. By leveraging this architecture, security teams can:
- Enhance security, leveraging high assurance controls for HSM administration, and institute strong, granular controls over the access and usage of application keys.
- Minimise risk by employing powerful separation of duties capabilities, using controls that require a specific number of administrators to perform sensitive functions. While keys can be shared across the Security World domain, they never exist outside the HSM in an unencrypted format.
- Minimise operational impact, using full remote administration capability for lights-out data centers. Additional trips to the data center can be eliminated with simple data center installation and subsequent remote configuration and administration.
- Reduce operational costs by doing simple, automated backups of HSM files using existing file management processes. This allows them to securely manage keys in the more affordable application layer, rather than the HSM layer.
- Enhance operational efficiency by centrally managing all the nShield HSMs they have in their environment. Whether they’re running two or 500 nShield HSMs, teams can establish unified policy and operational administration.
- Increase resilience by establishing seamless and robust load balancing and failover capabilities to optimize performance and eliminate single points of failure.
Starting with those original core decisions, the management architecture continues to support nShield HSMs even as they are deployed in ways that weren’t even considered when it was first developed, including cloud and multi-cloud environments.
The Fender Stratocaster is a design classic: right first time and often imitated, but nothing plays or sounds quite like the real thing. In the data protection domain, nShield Security World has been available for around 23 years and is considered by some to be a design classic too. In today’s cloud-centric environment, Security World is still on point from a deployment, resilience and scalability perspective.
To learn more visit: https://www.entrust.com/digital-security/hsm/products/nshield-hsms and download the Security World whitepaper.
*** This is a Security Bloggers Network syndicated blog from Entrust Blog authored by Iain Beveridge. Read the original post at: https://www.entrust.com/blog/2021/08/security-getting-it-right-first-time/