Financial data security architecture has evolved over time. Now, most financial organizations deploy some form of HSM and payment application infrastructures. What began as on-premises infrastructure is transitioning to an almost entirely cloud-hosted infrastructure.
Initially, payment applications and HSMs were managed on-premises at an organization’s own data centers. While this structure can be beneficial for organizations operating their own data centers, many others began to move towards the cloud in order to increase scalability, redundancy, and reduce internal IT operations so they can increase focus on their own core competencies.
As organizations began moving towards a partial cloud environment, payment applications were placed in the cloud while HSMs were maintained on-premises. This hybrid approach allows for greater flexibility and redundancy for the payment application, but the burden of managing HSMs on-premises, including staff training, compliance audits, and higher up-front capital expenditure, were still there.
After fully realizing the benefits of the cloud for their payment applications, many financial services providers found that moving the HSM component to the cloud provided even more opportunities for maintaining a secure, robust, and scalable cryptographic infrastructure. Today, many organizations take the approach of opting to have their payment application hosted with the public cloud provider and their HSMs with a cloud HSM service such as Futurex’s VirtuCrypt offering. These organizations reap the benefits of hosting in the cloud – complete flexibility, customizability, reduced cost – as well as maintain the high standard of hardware security and encryption capabilities. Organizations self-manage the connection between their payment applications and their cloud HSMs.
Now, even more organizations are wanting to take full advantage of the services provided by a public cloud provider. When using cloud HSMs that are natively integrated with public cloud providers, operational burdens are significantly reduced. Networking infrastructure is made much simpler, onboarding is fast, establishing multi-cloud and multi-region high availability is a near-turnkey process, and operational tasks like invoicing and payments are built on top of the organization’s existing public cloud account management structure.
