Introduction
A hardware security module (HSM) is only as good as its underlying architecture. Over the past 40+ years, Futurex has steadily refined the most dynamic cryptographic architecture in the industry. Futurex’s Base Architecture Model (BAM) is a code base shared by all Futurex solutions, both on-premises and in the cloud, allowing them to communicate and integrate with each other in a streamlined way. The BAM is flexible, powerful, and scalable: not only does it help enable to wide variety of cryptographic functionality for which Futurex solutions are known, but it allows each functionality to be customized to fit each customer’s needs. In this post, we’ll cover the BAM’s three biggest advantages.
Integration
Whether it’s a developer coding for a few applications or a large enterprise running hundreds of applications with an infrastructure supplied by multiple vendors, integration is a big practical challenge. That’s why Futurex designed the BAM to support a vast number of standard and international APIs, a few examples being PKCS#11, Microsoft CNG, KMIP, and RESTful web APIs. For example, if a client comes to Futurex with applications that use PKCS#11 commands, their app sends those commands to our library, which translates those PKCS#11 commands to HSM commands. All the heavy lifting has already been done on our back end, meaning the process of integrating a client’s applications with our technology is straightforward and painless. Futurex is also one of only a few cryptography providers with a proprietary API — the Excrypt API — designed to simplify HSM communication for our clients. On top of that, Futurex solutions support native integration with major public cloud providers like Google Cloud Platform (GCP), Microsoft Azure, and Amazon Web Services (AWS).
Functionality
The BAM is equipped with licenses to enable a wide array of cryptographic functionality, covering general-purpose and payment encryption, key management, public key infrastructure (PKI) and certificate authority (CA), and cryptographic infrastructure management. Futurex’s HSMs and key management servers therefore function as all-in-one solutions for their given field. Should a customer using the Vectera Plus HSM to encrypt their files and applications suddenly recognize the need to manage their encryption keys too, this functionality can be easily enabled the HSM by Futurex’s Solutions Architects. Or, should a client using a dedicated key management server like the KMES Series 3 find it necessary to perform basic encryption functions as well, they may do so by having Futurex simply add that license to the machine. Through the innovative licensing and functionality of the base architecture model, organizations achieve a degree of flexibility and customization not often found in the hardware security industry.
Interoperability
Closely related to the subject of integration is that of interoperability. One of the BAM’s strengths is as a common code base shared among all Futurex products, with backward compatibility with our legacy hardware. Futurex devices seamlessly integrate and communicate with each other. As many security architects and IT managers know, managing a multi-vendor solution can be burdensome. Combined with the powerful functionality of our technology, the interoperability conferred by the BAM makes a Futurex-supplied infrastructure a strong single-vendor solution. Organizations can connect their Futurex HSMs to a cryptographic management solution like the Guardian Series 3 to further improve the system’s coherence and security. Management tools like the Guardian allow administrators to cluster devices with a simple web interface for bulk changes and updates, synchronous peering, automatic failover, and advanced monitoring and alerting. Centralizing infrastructure in this way brings tremendous savings in management costs while removing the necessity for in-person management.
Conclusion
The base architecture model presents customers with the most versatile cryptographic architecture in the world. When Futurex began developing the BAM, it did so for a single reason: to better serve our customers. Futurex’s customer-focused company philosophy is the reason why the BAM supports all common APIs and algorithms, provides nearly every cryptographic function possible, and allows organizations to centralize their infrastructure with streamlined management. In our constant mission to develop innovative solutions, the versatility of the base architecture model allows us to quickly develop and distribute updates that make it even more user-friendly and feature-rich.
To learn more about how Futurex solutions can benefit your organization, feel free to contact our subject matter experts or request a demo.