Imagine that your organization is using a software program to encrypt and manage keys. The computer running this software is kept in a relatively secure environment, but by necessity, certain employees still have access to the area. Realistically, how safe are your encryption keys? The software may be using the strongest encryption algorithms available, but unless the hardware is physically secure, the right hacker could expose your sensitive data fairly easily.
Insider attacks happen quite frequently. If an untrustworthy employee were to gain access to the area and steal the computer on which the software program is installed, he or she could crack the software over time, either through a brute force attack or by exposing other vulnerabilities within the software. Sometimes data can even be extracted directly off the computer’s RAM or hard drive. Without any physical barriers to stop access to these areas, your encryption keys will be exposed.
Hardware security modules (HSMs) provide a far more secure method for storing and managing encryption keys. HSMs that are FIPS 140-2 Level 3-validated go through extensive tests to ensure that the devices are durable enough to protect data against physical attacks. HSMs offer a significant leg up when compared to software-based encryption methods.
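The contrast the article draws, keys that sit in host RAM and on the hard drive versus keys that never leave the module, comes down to an API boundary: an HSM hands out operations, never key bytes. The following Python illustration is an added example, not code from the article or from any HSM vendor. It models that boundary in software only: a naive `SoftwareKey` that stores its secret as a plain attribute and writes it to disk, beside an `HsmStyleHandle` whose key is non-exportable and which persists only a label. The class names, the `KeyExportError` exception and the sample message are assumptions made for this example; the physical tamper protections of a Level 3 module are not reproduced here, only the interface contract that makes those protections worthwhile.

```python
"""Added illustration (not from the original article): the API boundary an HSM
enforces, modelled in pure Python. A software key object hands out its raw key
bytes and persists them to disk, so anyone with access to the host's memory or
storage can recover them. An HSM-style handle exposes only operations (sign,
verify) and refuses to export key material; the hardware's physical protections
are NOT reproduced here, only the interface contract that makes them useful."""
import hashlib
import hmac
import json
import os
import secrets
import tempfile


class SoftwareKey:
    """Naive design: the secret is an ordinary attribute and gets written to disk."""

    def __init__(self, key: bytes) -> None:
        self.key = key  # raw secret lives in host RAM, visible to any memory dump

    def sign(self, message: bytes) -> bytes:
        return hmac.new(self.key, message, hashlib.sha256).digest()

    def save(self, path: str) -> None:
        # Persisting the raw key means the hard drive now holds the secret too.
        with open(path, "w") as fh:
            json.dump({"key": self.key.hex()}, fh)


class KeyExportError(PermissionError):
    """Raised when a caller asks an HSM-style handle for its raw key (assumed name)."""


class HsmStyleHandle:
    """Handle with a non-exportable key: callers get operations, never bytes."""

    __slots__ = ("label", "_key")

    def __init__(self, label: str) -> None:
        self.label = label
        # The key is generated inside the boundary and is never returned.
        self._key = secrets.token_bytes(32)

    def sign(self, message: bytes) -> bytes:
        return hmac.new(self._key, message, hashlib.sha256).digest()

    def verify(self, message: bytes, tag: bytes) -> bool:
        return hmac.compare_digest(self.sign(message), tag)

    def export(self) -> bytes:
        # No API path returns plaintext key material, mirroring a real module.
        raise KeyExportError(f"key '{self.label}' is marked non-exportable")

    def save(self, path: str) -> None:
        # Only the reference needed to find the key again is persisted.
        with open(path, "w") as fh:
            json.dump({"label": self.label}, fh)

    def __getstate__(self):
        # Refuse pickling so the secret cannot leak through serialization either.
        raise KeyExportError("handles cannot be serialized")

    def __repr__(self) -> str:
        return f"HsmStyleHandle(label={self.label!r})"


def secret_on_disk(path: str, secret: bytes) -> bool:
    """Return True if the raw secret can be read back from the saved file."""
    with open(path, "rb") as fh:
        return secret.hex().encode() in fh.read()


def demo() -> dict:
    """Run both designs and report what someone with disk access recovers."""
    with tempfile.TemporaryDirectory() as tmp:
        soft = SoftwareKey(secrets.token_bytes(32))
        soft_path = os.path.join(tmp, "soft.json")
        soft.save(soft_path)

        handle = HsmStyleHandle("payments-mac-key")
        hsm_path = os.path.join(tmp, "hsm.json")
        handle.save(hsm_path)

        msg = b"transfer 100"  # constructed sample message
        tag = handle.sign(msg)
        try:
            handle.export()
            exported = True
        except KeyExportError:
            exported = False

        return {
            "software_key_recovered_from_disk": secret_on_disk(soft_path, soft.key),
            # The private field is read here only to check the file contents;
            # a real module offers no such access.
            "hsm_key_recovered_from_disk": secret_on_disk(hsm_path, handle._key),
            "hsm_export_allowed": exported,
            "hsm_verify_ok": handle.verify(msg, tag),
            "hsm_verify_tampered": handle.verify(msg + b"0", tag),
        }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Running `demo()` shows the software key readable straight out of its saved file while the handle's file holds only a label, and `export()` is refused even though signing and verification work normally. The design lesson is the one the article makes: once the secret is ordinary data on the host, its security is only as good as the host's physical security, which is what moving it into a validated module removes from the equation.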