10 Questions to ask before migrating your payment HSM
What to know before you upgrade
When your organization’s HSM infrastructure approaches its end-of-life, your next step is to upgrade. But like any important business decision, you have to evaluate your upgrade options and select an HSM solution that will carry your organization into the future. To that end, Futurex has drawn upon its 40+ years of payment security experience to provide a list of the 10 most important considerations before upgrading your HSM infrastructure. It’s a big move, but Futurex is here to help you make it with confidence.
1. What are my HSM pain points and has the industry resolved them?
Over the past decade, headaches that used to be synonymous with managing HSMs have been corrected by industry innovation. Laborious in-person key management can now be remote, numerous applications can be consolidated onto a single HSM infrastructure, and tricky integrations are made smoother by developer-friendly APIs. Futurex has led this innovation by being the first in the industry to design a cloud HSM environment, a RESTful web API for payment processing, and an HSM capable of running both general-purpose and payments functionality simultaneously.
2. Should we deploy our payment HSMs on-premises, in the cloud, or as a hybrid?
The scalability, resilience, and cost of cloud and hybrid architectures are huge benefits. Some organizations are opting for public cloud services like AWS, Azure or Google Cloud Platform. Futurex’s architecture simplifies and streamlines the process of connecting directly to applications running in public clouds. To learn more about Futurex’s VirtuCrypt Access Point (VAP) architecture, read our cloud payment HSM whitepaper.
3. How have my throughput rates grown since we last deployed our payment HSMs?
With the increasing number of electronic payment transactions in today’s economy, payment HSMs have to handle vastly higher throughput. Futurex’s Excrypt SSP Enterprise v.2 has the fastest transaction processing of any payment HSM in the world, at more than 50,000 TPS.
4. Does my payment application provider have a cloud migration playbook?
Most payment application providers have developed a cloud strategy. Some offer their application in a format that can be hosted on a public cloud, others offer their own managed SaaS, and some have no cloud migration strategy in place at all. Ask your application provider what their cloud strategy is. If they are unsure, set up a call with Futurex. We have years of experience working with application providers to help them design and execute the cryptography and key management portion of their cloud strategy.
5. Has managing large groups of HSMs in different locations been a challenge?
In legacy payment HSM environments, large organizations have become accustomed to managing HSMs on a one-to-one basis. Managing users, firmware updates, keys, and configuration settings in this manner is incredibly time-consuming, error-prone, and costly. New technology, however, has made “single pane of glass” infrastructure management possible, even with large groups of physical and virtual HSMs. Futurex’s Guardian Series 3 provides centralized configuration, monitoring, alerting, and orchestration for HSM environments, while the Excrypt Touch offers full remote management and key loading.
6. Do I have general-purpose HSM use cases in my enterprise ecosystem?
Most HSMs are specialized for either payments or general-purpose use. Futurex HSMs were the first in the world with the capability to handle both simultaneously. The unique design of our HSMs allows you to perform general-purpose and payment HSM functions on one server, helping you reduce the overall cost of running your enterprise cryptographic ecosystem.
7. What applications will I be running in my payment HSM environment?
Historically, payment application developers have been slowed down by unaccommodating APIs. Futurex HSMs support standards-based interfaces (such as PKCS #11, Java JCA/JCE, or Microsoft CNG), multiple legacy payment APIs for near-universal application compatibility, and a modern, RESTful web API. These can help your developers greatly accelerate your time to market, quickly respond to emerging industry trends, and replace legacy HSM vendors with no application code changes required. Additionally, if your organization runs multiple applications in a single ecosystem, HSM virtualization is a great way to increase the ROI of your HSM infrastructure. A multi-tenant approach is ideal for an organization that wants to reduce its HSM footprint while continuing to scale with growing application integration needs.
8. Is deploying HSM/Key Management-as-a-Service across our enterprise an executive priority?
With an increasing need for encryption in every industry, many organizations with an HSM infrastructure are beginning to deploy HSM/Key Management-as-a-Service to provide a unified platform for cryptographic resources throughout their enterprise. This is advantageous not just from a cost perspective, but for security and operational agility as well.
9. Does my payment HSM vendor have the capability to fulfill my order in a timely fashion?
Since the pandemic, supply chain issues have become commonplace in device manufacturing. With 40+ years in business, Futurex has built relationships that give us enviable supply chain confidence. In addition, all Futurex devices are manufactured in the US, which reduces the risk of third-party reliance. For our cloud offerings, a deployment with Futurex can be near-instantaneous.
10. Which does my accounting department prefer, CapEx or OpEx?
Futurex solutions are scalable, with versatile deployment options. Whether your organization would prefer its HSM infrastructure budgeted as CapEx or OpEx may inform your decision regarding cloud or on-premises deployment, as well as your need for scalability.