{"id":5163,"date":"2022-04-13T11:20:46","date_gmt":"2022-04-13T03:20:46","guid":{"rendered":"https:\/\/www.progreso.com.sg\/newsite\/?post_type=all_news&#038;p=5163"},"modified":"2022-04-13T14:34:31","modified_gmt":"2022-04-13T06:34:31","slug":"hardware-security-modules-in-hybrid-cloud","status":"publish","type":"all_news","link":"https:\/\/www.progreso.com.sg\/newsite\/all_news\/hardware-security-modules-in-hybrid-cloud\/","title":{"rendered":"Blog: Understanding the Role of Hardware Security Modules in the Hybrid Cloud"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"5163\" class=\"elementor elementor-5163\" data-elementor-settings=\"[]\">\n\t\t\t<div class=\"elementor-inner\">\n\t\t\t\t<div class=\"elementor-section-wrap\">\n\t\t\t\t\t\t\t<section class=\"elementor-element elementor-element-7313710 elementor-section-boxed elementor-section-height-default elementor-section-height-default elementor-section elementor-top-section\" data-id=\"7313710\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t<div class=\"elementor-row\">\n\t\t\t\t<div class=\"elementor-element elementor-element-cd5ad29 elementor-column elementor-col-100 elementor-top-column\" data-id=\"cd5ad29\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-column-wrap  elementor-element-populated\">\n\t\t\t\t\t<div class=\"elementor-widget-wrap\">\n\t\t\t\t<div class=\"elementor-element elementor-element-c4de02d elementor-widget elementor-widget-text-editor\" data-id=\"c4de02d\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-text-editor elementor-clearfix\"><p>More businesses have come to rely on the use of public cloud environments as these environments have been proven to provide more security than typical on-premises data centers. 
However, while these cloud solutions are considered secure, it is essential that businesses maintain control of their own critical cryptographic keys to keep data that is migrating between their data centers and the cloud secure at all times. The data is kept safe, and its privacy guaranteed, only when it is continuously encrypted. This requires the security that can only be provided by\u00a0<a href=\"https:\/\/utimaco.com\/products\/categories\/hsm-key-management\" rel=\"noreferrer\">hardware security modules<\/a>.<\/p><h2>Maintaining Cryptographic Key Ownership through BYOK<\/h2><p>Best practices call for businesses to maintain control over their cryptographic keys. This assures sound governance, compliance and internal controls. Businesses must be mindful that, when taking advantage of what the cloud offers, the theft, loss or misuse of even one critical key could significantly harm their organization through:<\/p><ul><li>Loss of control over data and vendor lock-in<\/li><li>Loss of revenue<\/li><li>Business operational process disruption<\/li><li>Serious damage to their reputation<\/li><li>Falling share prices<\/li><li>Legal consequences<\/li><\/ul><p>\u201cBring Your Own Key\u201d (BYOK) allows businesses to\u00a0<a href=\"https:\/\/www.utimaco.com\/solutions\/applications\/multi-cloud-key-management\" rel=\"noreferrer\">maintain cryptographic key control<\/a>\u00a0and take full advantage of what a hybrid cloud environment offers. When applications run, encryption keeps data protected at all times, whether it is:<\/p><ul><li>At rest in a database<\/li><li>In transit between user devices and data centers<\/li><li>At public endpoints through TLS<\/li><\/ul><p>BYOK ensures that third parties, including cloud service providers, cannot gain access to the business\u2019s critical keys in an unencrypted form. This provides further protection against insider attacks or other unauthorized access to data. 
It also prevents businesses from falling victim to cloud vendor lock-in. Without BYOK, a business can find moving its data to a different cloud or subscription service to be costly and time-consuming.<\/p><h2>Keeping Keys Secure in a Hybrid Cloud Environment with an HSM<\/h2><p>Properly managing the lifecycle of the many cryptographic keys a business may use is essential to maintaining the security of applications and data in a hybrid environment. Encryption can only be effective when these crypto keys are protected, and this is where a hardware security module (HSM) is a must, along with a centralized key management system to manage key lifecycles.<\/p><p><strong>An HSM protects critical cryptographic keys in a dedicated hardware-based appliance that provides a root of trust over the business\u2019s keys, data, and applications because it:<\/strong><\/p><ul><li>Protects cryptographic material and keeps it hidden at all times<\/li><li>Keeps decryption keys separate from encrypted data to provide an extra layer of security in the event of a data breach, thus preventing exposure of encrypted data<\/li><li>Strengthens encryption practices through the entire key lifecycle, from generation to storage, distribution, backup and, ultimately, destruction<\/li><li>Limits access through a strictly controlled network interface<\/li><li>Is built with secure hardware that is resistant to hacking attempts<\/li><li>Runs on a secure operating system<\/li><li>Simplifies compliance and auditability through certified hardware and easier audit reporting<\/li><li>Allows for scalability and multi-tenancy of the security architecture<\/li><\/ul><h3>A hybrid cloud mandates a network of HSMs, which need to be arranged as follows:<\/h3><p><strong>1.<\/strong>\u00a0The master HSM resides in the organization\u2019s central data center, allowing for centralized key lifecycle management. 
The local data center can then be managed directly by this central HSM.<\/p><p><strong>2.<\/strong>\u00a0Data centers in decentralized locations or in the cloud need a local or cloud-based HSM.<\/p><p>These subordinate HSMs receive application keys in an encrypted form (wrapped with a so-called Key Encryption Key, or KEK). The keys are held in the local or cloud HSMs (never accessible to third parties or cloud service providers). Data is encrypted at rest and in transit, and securely used in applications, protected by\u00a0<a title=\"Public Key Infrastructure\" href=\"https:\/\/utimaco.com\/solutions\/applications\/public-key-infrastructure\" data-entity-substitution=\"canonical\" data-entity-type=\"node\" data-entity-uuid=\"3cdec87c-08fb-4738-aea9-bc19c5c06f6b\">Public Key<\/a>\u00a0or\u00a0<a href=\"https:\/\/utimaco.com\/current-topics\/blog\/role-of-hsm-in-symmetric-key-encryption\" rel=\"noreferrer\">Symmetric Key Infrastructures<\/a>. The owner of the central HSM stays in control and is able to conduct central audits, whereas third parties are unable to access data in its encrypted state.<\/p><p><strong>References: <\/strong><span style=\"color: #333399;\"><a style=\"color: #333399;\" href=\"https:\/\/www.cryptomathic.com\/news-events\/blog\/byok-is-essential-for-data-security-and-privacy-as-business-critical-applications-move-to-the-cloud\" rel=\"noreferrer\">BYOK is Essential for Data Security and Privacy as Business-Critical Applications Move to the Cloud<\/a><\/span><\/p><div><strong>Source<\/strong>:<span style=\"color: #333399;\"> Utimaco - <a style=\"color: #333399;\" href=\"https:\/\/utimaco.com\/current-topics\/blog\/role-of-hsm-in-hybrid-cloud\">Understanding the Role of Hardware Security Modules in the Hybrid 
Cloud<\/a><\/span><\/div><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>More businesses have come to rely on the use of public cloud environments as these environments have been proven to provide more security than typical on-premises data centers. However, while these cloud solutions are considered secure, it is essential that businesses maintain control of their own critical cryptographic keys to keep data that is migrating [&hellip;]<\/p>\n","protected":false},"featured_media":0,"template":"","meta":[],"_links":{"self":[{"href":"https:\/\/www.progreso.com.sg\/newsite\/wp-json\/wp\/v2\/all_news\/5163"}],"collection":[{"href":"https:\/\/www.progreso.com.sg\/newsite\/wp-json\/wp\/v2\/all_news"}],"about":[{"href":"https:\/\/www.progreso.com.sg\/newsite\/wp-json\/wp\/v2\/types\/all_news"}],"version-history":[{"count":5,"href":"https:\/\/www.progreso.com.sg\/newsite\/wp-json\/wp\/v2\/all_news\/5163\/revisions"}],"predecessor-version":[{"id":5170,"href":"https:\/\/www.progreso.com.sg\/newsite\/wp-json\/wp\/v2\/all_news\/5163\/revisions\/5170"}],"wp:attachment":[{"href":"https:\/\/www.progreso.com.sg\/newsite\/wp-json\/wp\/v2\/media?parent=5163"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}