Industry Weighs in on Hybrid Approach to HSMs
Organizations like options when it comes to mission-critical security — we know this from experience. For example, many organizations prefer to own and physically oversee their own hardware security modules (HSMs) while seeking the accessibility and convenience of the cloud. A hybrid approach, using both on-premises HSMs and cloud HSMs, allows organizations to construct an elastic infrastructure model for scalability, backup, and failover.
The bottom line is that financial services organizations, banks, retailers, insurance providers, and payment application developers are seeing rapid changes when it comes to securing transactions. With attack vectors growing and increasing in sophistication, “organizations are increasingly relying on HSMs to provide the highest possible security,” states CISO MAG.
In the recent virtual CISO MAG roundtable, Gearing for Greatness: The Future of India’s BFSI Ecosystem, Futurex’s Vice President, Global and Strategic Alliances, Adam Cason, joined fellow industry leaders in India’s banking, financial services and insurance (BFSI) ecosystem including:
- Ramesh Lakshminarayanan, Group Head, Information Technology and CTO, HDFC Bank
- Sankarson Banerjee, Chief Information Officer, RBL Bank
- Deepak Sharma, President & Chief Digital Officer, Kotak Mahindra Bank Ltd
- Supriya Datta, Senior VP Technology at NSE (National Stock Exchange of India)
- Manoj Shrivastava, Chief Information Security Officer, Future Generali India Insurance Company
- Siba Narayan Panda, independent consultant
Sachin Y Shende, General Manager, Reserve Bank of India, chaired the discussion, which centered around the changing dynamics in the HSM industry, the merging of general-purpose and financial HSM technologies, and the emerging role of cloud key management and financial cloud HSMs.
There are varying approaches to key management and HSM usage. Reserve Bank of India’s Shende contents that HSMs are expanding their use cases to Cheque Truncation Systems (CTS), Real Time Gross Settlement (RTGS) applications, and tokenization for retailers — beyond financial acquiring, card issuance, and mobile payment.
Datta, with National Stock Exchange (NSE) of India, is pushing for a hybrid approach, as NSE uses both on-premises and cloud.
On the other end was Sharma, with Kotak Mahindra Bank Ltd, who stated, “We have everything on-premises. The challenge that comes to my mind is the current key management solution.”
“I personally prefer the hybrid approach,” states Futurex’s Cason, who works with technology and channel partners worldwide to help them integrate Futurex’s FIPS 140-2 Level 3 and PCI HSM validated HSMs and key management solutions into customers’ enterprise security architecture, in both on-premises and cloud environments.
He recently wrote Key Management with Acuity: On-Premises, Cloud, Hybrid, an Infosecurity Magazine article that outlines key management and HSM options for organizations. Read it here.
Highlights of the CISO MAG BFSI roundtable are available here.
As you are exploring different key management security options — hybrid, on-premises, cloud — we can answer your questions and help you find the options that best fits your needs. Sign up for a 1:1 strategy session today with a Futurex Solutions Architect.