Organizations in every global economic sector depend on secure and compliant cryptographic systems on the backend. These systems were traditionally deployed via on-premises hardware devices, but a fast-growing number of organizations are enjoying the benefits of cloud-based cryptography. In addition to rising cloud adoption, there are instances of striking innovation among smaller FinTechs, as well as a big push for compliance with data localization requirements in some regions. Thanks to its offices and data centers around the world, Futurex has the benefit of a global perspective on cryptographic trends like these.
I last wrote about this topic in Cryptographic Management Trends Around the Globe. To gather the most up-to-date insights and perspectives, I checked in with members of the Futurex team from around the world, including Ruchin Kumar, Vice President, South Asia; Mark Howland, Senior Business Development, EMEA; and Santos Campa, Vice President, LAC.
Now, let’s drill down on current cryptographic trends across South Asia, EMEA, and LAC.
South Asia: Payment Ecosystem Thriving in South Asia
Ruchin Kumar emphasized that the payment ecosystem in South Asia, particularly India, is thriving. The financial services sector contains the largest consumers of hardware security modules (HSMs) and cryptography in the region. HSMs play an important role for organizations in South Asia, where they secure the root of trust, keep private keys secure, manage public key infrastructure (PKI), and perform digital signing to ensure message integrity. By Kumar’s estimate, India represents nearly 95% of HSM use cases in all South Asia.
With one of the world’s fastest-growing payments industries, India has developed thorough compliance requirements to ensure payment security. These include Unique Identification of India (UIDAI), National Payments Corporation of India (NPCI), Payments Council of India (PCI), Information Technology Act of India, 2000 and its amendments 2008/2011. Such regulations can determine when organizations must use general purpose HSMs and when they must use payment HSMs: general purpose HSMs are used for digital signing and message integrity, while payment HSMs are used for acquiring, switching, card issuance, green PIN, and other payment application security needs.
What’s on the horizon for the South Asia region? From Kumar’s perspective, organizations are often evaluating ways to improve their cryptographic infrastructures. Many organizations are becoming interested in tokenization for security and agility, especially with Internet of Things (IoT), blockchain, and AI. Additionally, remote key loading (RKL) is increasingly used to exchange keys with centralized servers for devices in the field, such as ATMs, point-of-sale (POS) terminals, and handheld devices.
Companies in South Asia See Cryptography-as-a-Service and Local Data Centers as Critical for Data Residency and Localization
Over the past two years, organizations in South Asia have adopted the cloud as a resource to host their critical applications on a large scale. Many organizations have used Futurex’s VirtuCrypt Cloud HSM and key management service to enhance security and compliance, as well as to maintain ownership and control of their encryption keys during cloud migration.
Futurex’s data centers in India help clients within the region comply with data localization requirements while enjoying higher throughput and lower latency. “Local data centers provide customers a lot of assurance in terms of data residency, data localization, and key localization, which earlier was a barrier to cloud adoption. Now that Futurex’s cryptographic services are hosted within Indian geography, we have seen a big difference in organizations migrating to HSM-as-a-service,” says Kumar.
India is well known as a FinTech hub for innovative startups, with nearly one hundred reaching the status of unicorns. Forward-thinking companies look to service-based, OpEx models for their applications as well as for cryptography. OpEx models offer flexibility, money savings, and serve as a resource for those needing help with cryptographic management.
EMEA: Cloud and Payments Dominate HSM Use in Europe, Middle East, and Africa
Cloud adoption is rapidly increasing in the EMEA region, with many organizations looking to HSM virtualization technology for payment applications. According to Mark Howland, “Customers are asking, ‘can we cut down on hardware reliance,’ and, ‘can we seasonally spin up and spin down the payment applications in which we are heavily invested?’ The answer is, of course, yes.”
Howland notes that smaller companies and VC-backed companies are more agile in how they pursue innovation. Such companies were among the first to implement cryptography-as-a-service (CaaS) to meet PCI regulations. Many early adopters in the finance and payment industry were responding to changes in consumer demand brought about by pandemic adjustments. Innovative payment processing solutions naturally followed, including mobile payments and SoftPOS. Like South Asia, smaller companies in EMEA (including those in financial software and services), get extra value from OpEx-based HSM cloud services, such as Futurex’s VirtuCrypt.
Organizations across EMEA are deploying HSMs for POS key management, PIN management, and virtualization. But what lies ahead? Howland has noted that many organizations — and not just traditional high-security finance customers — are moving to a service-based model, and are looking at application encryption, encrypting data at rest, and the overall protection of data in all industry sectors.
LAC: Trends in Cryptography Use in Latin America and the Caribbean
What’s trending in LAC? According to Santos Campa, there is demand for both on-premises and cloud-based encryption for payments in particular. Several banks already have huge investments in hardware infrastructure with their own data centers, racks, servers, etc. However, at least 35% of customers are converting from on-premises infrastructure to cloud HSMs. Many are opening new branches or are creating new FinTechs within their organizations.
“We’re seeing the majority of organizations move to the cloud, or at least move part of their operations to the cloud,” says Campa. “It’s very important to many organizations that they have complete control over the key lifecycle.”
As in the other global regions I’ve covered, the financial sector in LAC leads the region in cryptographic implementation, having quickly deployed cryptography for PIN validation, key management, and tokenization. According to Campa, the cloud continues to be very important and beneficial, especially given the ability to integrate cloud payment HSMs with cloud providers like AWS, Azure, and Google.
As organizations develop new models, such as transaction processing models, they must have a secure and compliant cryptographic solution that will allow them to scale while remaining compliant with regional regulations as well as international standards. OpEx options are highly sought after given their potential for flexibility and cost savings.
Finally, as one might expect, pandemic trends have ended up creating the conditions for cryptographic management to be streamlined in areas such as remote key management, where the advantage lies in not needing to physically visit data centers.
“Organizations are looking to a cryptographic platform that is future-proofed, one that is going to provide the best quality of service and support in the market,” concludes Campa.
Indeed, organizations across the globe are looking for innovative cryptography and embracing cloud solutions, with security, agility, and cryptography at the forefront of their cybersecurity strategies.
About the Author
As vice president, global and strategic alliances at Futurex, Adam Cason oversees Futurex’s partnerships with organizations worldwide.