In the first part of our comprehensive three-part series on selecting the ideal Payment Hardware Security Module (HSM), we explored three fundamental features often underestimated by organizations: dual functionality, processing speeds, and authentication mechanisms. These features are crucial given the continuously evolving cyber threat landscape.
Next, let’s explore three more features that are key to selecting a Payment HSM:
- HSM virtualization
- Working key storage
- HSM partitioning
1. HSM Virtualization
HSM virtualization allows users to divide the cryptographic functions of an HSM into different logical partitions which serve as independent virtual HSMs. In short, it maximizes the functionality of a single HSM. With sophisticated HSM virtualization, each virtual HSM will have its own firmware, security policies, key storage space, and configuration settings.
HSM virtualization allows users to serve multiple applications and deploy different use cases all with the same HSM. Ultimately, this increases operational efficiency and lowers total cost of ownership (TCO).
2. Working Key Storage
Working keys are transient encryption keys generated during cryptographic transaction processing. These keys have a defined usage period or transaction limit before being substituted.
It is paramount that Payment HSMs include working key storage. It guarantees the secure safekeeping and periodic rotation of these transient keys, mitigating potential key breaches.
Moreover, the integration of working key storage aligns the Payment HSM with stringent payment industry security benchmarks such as PCI-DSS. These standards require encryption keys used in payment transactions to be protected and managed meticulously.
3. HSM Partitioning
Partitioning a Hardware Security Module (HSM) involves the subdivision of the HSM into distinct, isolated environments known as partitions or slots. Each partition possesses its exclusive collection of encryption keys, management protocols, and access authorizations.
HSM partitioning expedites the segregation of duties and data across diverse business applications, yielding heightened security. Notably, the isolation of partitions guarantees that a breach within one partition does not jeopardize the integrity of others.
Furthermore, HSM partitioning accelerates scalability since multiple applications can now use the same physical HSM without interfering with each other. HSM partitioning also improves cost efficiency by reducing investments in multiple HSMs.
Futurex’s Payment HSMs: A Cut Above The Rest
When it comes to Payment HSMs, leading organizations around the world trust Futurex’s FIPS 140-2 Level 3 and PCI-validated Excrypt Plus and Excrypt SSP Enterprise v.2 HSMs to cohesively secure their payment transactions’ data.
With seamless support for instantly creating and managing up to 20 virtual HSMs in the same device, Futurex’s Excrypt Plus and Excrypt SSP Enterprise v.2 are the only two HSMs available in the market today that offer seamless HSM virtualization.
As for working key storage, both these HSMs offer internal as well as external key storage for up to 25,000 keys in the same HSM, making them highly versatile and scalable security solutions.
Lastly, with an integrated feature of supporting up to 250 application partitions per virtual HSM, Futurex’s Payment HSMs help organizations quicky segregate and assign access to keys, permissions, and cryptographic commands, which enhances overall security and operational efficiency.
In the concluding part of this three-part series, we’ll explore 3 more features that you should look for when choosing the right Payment HSM for your organization.
Stay tuned…