5 Ways to Future-Proof Cryptography for Companies Around the World
For enterprises around the world, future-proof infrastructure is about being proactive versus reactive. Organizations that anticipate and adapt to changing business and technology needs tend to grow, while organizations who merely react to change after it occurs tend to stagnate. To future-proof data security infrastructure is to ensure long-term growth – and survival. After 40+ years of creating and implementing future-proof cryptographic solutions for global enterprises, Futurex has firsthand experience of the importance of future-proof infrastructure.
Most organizations with cryptographic infrastructure are faced with the ongoing task of keeping it up-to-date and secure. This can involve updating encryption algorithms, rotating keys, or maintaining compliance with a data encryption standard. But when it comes time to use a different algorithm, to centralize key management, and to attain a higher compliance certification, how quickly will they adapt? This is where organizations benefit from a future-proof strategy.
For example, take the following statement by Futurex’s Adam Cason, Vice President, Global and Strategic Alliances. In his Infosecurity Report article, Cryptographic Management Trends Around the Globe, Cason writes:
“Cryptographic management goes hand in hand with digital transformation, as organizations must evolve and future-proof their end-to-end cryptographic environments to ensure they are secure, compliant, and highly available to protect and secure their data, assets, and transactions.”
In other words, future-proof data security depends on holistically anticipating future needs.
Futurex is based in the USA, but this extends to markets in regions around the world. To provide you with current perspectives from these global regions, key members of Futurex’s globally active team — including Mark Howland, EMEA business development; Ruchin Kumar, vice president, South Asia; and Santos Campa, vice president, LAC – have weighed in with their insight into global cryptographic trends in future-proof infrastructure.
How to future-proof cryptography
We’ve discussed what future-proofing is, in general. But how do you actually future-proof your data security infrastructure? Futurex has identified five components of a future-proof strategy.
- Running virtual HSMs based on FIPS 140-2 Level 3 validated hardware offers the highest security balanced with the greatest flexibility.
- Moving cryptographic infrastructure to the cloud helps organizations centralize management, streamline operations, and gain virtually unlimited functionality.
Investing in next-generation compliance
- Futurex solutions are designed with emerging compliance mandates in mind, with FIPS 140-2 Level 3 and PCI validation as the norm.
Customer experience innovation
- High availability and agility in responding to new use cases gives organizations the tools to inspire loyalty across their client base.
- Adopting cloud strategies allows organizations to offer service-oriented architecture like SaaS or banking as a service (BaaS).
Now that we’ve covered the means of implementing future-proof infrastructure, let’s see how different regions around the world are making use of them.
The view from EMEA
Across Europe, the Middle East, and Africa (EMEA), organizations are embracing cloud HSMs and HSM virtualization. “The world operates in the cloud or in hybrid. Right now, everybody is moving to Azure, AWS, or Google,” says Futurex’s Mark Howland.
Many proactive organizations are also looking into load balancing, remote management, and virtualization. Virtualization in the cloud helps organizations stay agile in developing new services based on cloud capabilities. It also helps organizations stay carbon neutral and avoid taking up rack space.
“When you look at the costs, administrative costs, and power, it makes a good business case to virtualize rather than use hardware,” states Howland. He says that “virtualization and the cloud allow fluidity in services that businesses can bring to market.”
The LAC perspective
From a Latin America and Caribbean (LAC) perspective, “customers want to make sure that they are investing in an infrastructure that can be scalable and something they can use for the long term,” says Futurex’s Santos Campa.
For many customers, the cloud presents an agile and cost-effective business case. Campa reports that customers have begun evaluating next-generation compliance – such as the next PCI and the next FIPS requirements – so that their cryptographic investments are future-proofed. In addition to PCI, there are regional compliance requirements to adhere to; for example, Mexico requires compliance with Comisión Nacional Bancaria y de Valores (CNBV) and Asociación de Bancos de Mexico (ABM).
Campa has also noted that many LAC financial institutions are interested in improving the customer experience with innovative payment options like contactless payments, which have seen a significant increase over the past two years.
Future-proof solutions in APAC
Across South Asia, and India in particular, many organizations outsource cryptographic management to managed service providers or cloud service providers. Doing so lowers the CAPEX for the customer and addresses regulatory compliance issues.
Futurex’s Ruchin Kumar is seeing lots of cryptography-as-a-service (CaaS) interest and implementation. The region is especially focused on issues around regulatory compliance, data localization, and key localization. In response to the demand for locally based cloud solutions, Futurex has expanded its data center presence in the region with data centers in Mumbai and Hyderabad. Services like these are geared toward forward-thinking organizations with the need to become future-proof.
Since the establishment of India’s Information Technology Act – a law that outlines the cryptographic requirements to ensure the confidentiality and integrity of sensitive information – cryptography has been deeply embedded across the region. This drives most of the HSM and key management deployments, according to Kumar. “India is running quite ahead in HSM and key management solutions,” he reports.
When examining future-proof strategies around the world, a few trends stand out.
Organizations are figuring out how to use cloud services to reduce TCO and expand their product offerings through service-oriented architecture, such as SaaS and CaaS. Compliance remains as big a consideration as ever, as organizations work to ensure that their solutions remain compliant with international standards and data localization requirements. Overall, the key to innovation lies in investing in cryptographic infrastructure to ensure an organization’s agility, security, and compliance well into the future.