Demystifying the HSM Cloud · Demystifying the HSM Cloud Understanding HSM as a Service. Utimaco...

Utimaco HSM Business Unit · Aachen, Germany · ©2017 www.hsm.utimaco.com

Demystifying the HSM Cloud

Understanding HSM as a Service


Cloud is part of our everyday life

Security is the foundation that Business

Models and Ecosystems around

Cloud are built on!


Cloud is part of our everyday life

Let’s talk about

Hardware Security

Modules


no thank you

i‘m good


Why HSMs in the Cloud?

You are not using HSMs?

Wait a moment! What about:

• PKI and Identity Management (Nexus, OpenTrust,

Entrust, CyberArk, PrimeKey,…)

• Database Encryption

• Microsoft application (Server / SQL Server / RMS /…)

• Key Management Solutions

• DNSSEC

• PCI-DSS

• TLS / SSL


Excursion: GDPR (General Data Protection Regulation)

Adaptive Backup and RecoveryHow do I best ensure sensitive data is protected, stored and backed up securely

Encryption and PseudonymizationHow do I ensure my sensitive customer and employee data (PII (Personally Identifiable Information), PHI (Protected Health information), PCI (Payment Card Industry) is protected?

Breach Response and ReportingHow do I know if I have already been breached? And how quickly – after a breach has taken place – can I enable the security operations team to take steps to contain it, recover and find the root cause?

Enable the right to be ForgottenTake control of data throughout its lifecycle

Protect Personally Identifiable InformationProtect data in use, in transit and at rest to ensure that when a breach occurs, theinformation remains confidential

Notify breaches within 72 hoursIdentify and contain breaches and enable a comprehensive response to threats;Harden applications to identify and address vulnerabilities

HSMs are part of the solutionUse cases where HSMs are playing an essential role


What is HSM in the Cloud?

But what is a CLOUDHSM?


Cloud Definition

Public HybridPrivateDeploymentModels

Software as a Service (SaaS)

Platform as a Service (PaaS)

Infrastructure as a Service (IaaS)

DeliveryModels

On-demand self-service

Measured service Elastic scalability

Resource pooling Broad network access

Essential Characteristics

Foundational Elements / Enablers

Virtualization

Grid Technology

SOA

Browser as a Platform

Distributed Computing

Broadband Networks

Free and Open Source Software

Service Level Agreements

Autonomic Systems

Web 2.0

Web App. Framework

Utility ComputingBased on NIST Working Definition on Cloud Computing


What does this mean for the HSM Cloud?

On-demand self-service Browser and a credit card

Measured serviceServices by subscription, pay per use, pay per key usage, ….

Resource poolingPooled together from across multiple geographic locations

Elastic scalabilityIncrease or decrease HSM computing resources

Broad network accessHSM in the Cloud broad network access for Private Cloud and hybrid concepts



Public CloudPublic HSM clouds enable you to tap into a pool of shared resources and pay only for the resources you actually consume. You don’t need to know where or how the services are created.

Private CloudPrivate HSM clouds offer similar capabilities to public HSM clouds, but they run on dedicated IT only. Some companies host their private clouds on dedicated, third-party IT.

Hybrid Cloud Hybrid HSM clouds combine private and public HSM cloud services to offer the security of private HSM clouds and the enormous scalability of public HSM clouds.

Public HybridPrivateDeploymentModels



IaaS – Move to it –Hardware Security Modules delivered as a service.

PaaS – Build with it –IaaS combined with middleware and development tools, such as programming and scripting languages — delivered as a service. HSMs as PaaS offer a validated and integrated environment for creating applications.

SaaS – Use it –IaaS and possibly PaaS combined with software applications and delivered as a service. Users get access to those applications with a browser. Managed PKI is a typical application that is well known and widely used.

Software as a Service (SaaS)

Platform as a Service (PaaS)

Infrastructure as a Service (IaaS)

DeliveryModels


31 21

YOU KNOW YOU NEED HSM AS A SERVICE WHEN…

The 4 big QUESTIONS:

Does your Business see demand for and usage of your HSM fluctuate sharply at different times of the year?

Are you always running out of CryptoPower of your HSM?

Do you want to create a more sustainable Business environment?

Do you need support for new pilot product offerings that demand HSM usage?


What’s ahead in the market?

IoT + Cloud

Industrial IoT /Industrie 4.0

Fintech

M2M


What’s ahead @ Utimaco?

The Utimaco HSM optimizedfor Cloud usage

- Multi-Tenancy

- Tenant Backup Key (TBK)

Watch out for our next product release!

- Release Webinar (Partners & Customers only)

- New HSM Simulator available soon


Utimaco IS GmbH

Germanusstraße 4

52080 Aachen

Germany

Tel +49 241 1696 200

Fax +49 241 1696 199

Email [email protected]

Thanks for your attention!

Utimaco Inc.

Suite 150

910 E Hamilton Ave

Campbell, CA 95008

United States of America

Tel +1 844 884 6226

Email [email protected]

Andreas Philipp

VP Business Development

[email protected]

mailto:[email protected]



Demystifying the HSM Cloud · Demystifying the HSM Cloud Understanding HSM as a Service. Utimaco...

Documents

Transcript of Demystifying the HSM Cloud · Demystifying the HSM Cloud Understanding HSM as a Service. Utimaco...