Want to learn the best practice for configuring Chromebooks with 802.1X authentication?

Sign up for a Webinar!

What is a Hardware Security Module?

Key Points
  • HSMs were designed to be extremely trusted devices whose function is to protect classified cryptographic materials.
  • The strict security measures used within an HSM allow it to be the perfect Root of Trust in any organization’s security infrastructure. 

More than ever, businesses and organizations have a responsibility to secure their data. Highly adaptable organizations have begun to implement a PKI as a means to upgrade network security.

According to the 2019 Verizon Data Breach Investigations Report, 29% of 2019 network breaches involved the use of stolen credentials. When it comes to securing authentication communications and ensuring a user-friendly experience, certificates are miles ahead of credentials. A Managed Cloud PKI can be the key to implementing an effective certificate security strategy.

A PKI allows users and systems to verify the legitimacy of certificate-holding entities and securely exchange information between them over-the-air. The introduction of a PKI enables stronger, certificate-based security, as well as identity services and management tools to maximize network efficiency and security.

Hardware Security Modules (HSM) are a powerful security tool within the PKI ecosystem, but what is an HSM, and how does it work?


What Is an HSM?

Quote Banner RADIUS and PKI

An HSM is a specialized, physical security device that functions as a means to operate cryptographic functions. These can include encryption, decryption, authentication, key management, key exchange, and more.

HSMs were designed to be extremely trusted devices whose function is to protect classified cryptographic materials. They have a robust OS and restricted network access protected via a firewall. They can come in a variety of different forms, such as USB-connected devices, embedded PCI express cards, or standalone ethernet-connected appliances.

HSMs are also tamper-resistant and tamper-evident devices. HSMs are so secure because they have strictly controlled access and are virtually impossible to compromise.


Why Are HSMs Secure?

HSMs are considered the Root of Trust in many organizations. That is to say that they are the source of trust in a cryptographic system and therefore must be relied upon in order for the system to continue to work. An effective strategy is to host the root Certificate Authority of a PKI offline and protect it with an HSM so it is near impossible for anyone to access that is not authorized to do so.

HSMs have specialized hardware that is well-tested and security-focused, It has limited access to a network interface and is strictly controlled by internal rules. The strict security measures used within an HSM allow it to be the perfect Root of Trust in any organization’s security infrastructure.

Hardware Security Modules can generate, rotate, and protect keys that are randomly generated by the HSM. HSMs contain a piece of hardware that makes it possible for its computer to generate truly random keys, as opposed to a regular computer that cannot create a truly random key.

HSMs are also generally kept off the organization’s computer network to further defend against breaches. This means an attacker would need physical access to the HSM to even view the protected data.


Types of HSMs

There are two main types of Hardware Security Modules:

General Purpose: General Purpose HSMs can utilize the most common encryption algorithms, such as PKCS#11, CAPI, CNG, and more. They are primarily used with Public Key Infrastructures, crypto wallets, and other basic sensitive data.

Payment and Transaction: Payment and Transaction HSMs are created for the protection of payment card information and other types of sensitive transaction information.


How To Use A HSM?

HSMs are the gold standard for protecting your data and are the groundwork for a truly successful PKI ecosystem.

SecureW2’s JoinNow package comes with everything you need to set up a state-of-the-art PKI in just a matter of minutes. SecureW2’s Managed PKI is turnkey and gives admins everything they need to configure EAP-TLS authentication, the strongest 802.1X authentication protocol, to eliminate over-the-air credential theft. Our world-class security architecture is all backed by our powerful HSM, to completely eliminate any risk of a security breach.

Deploying a PKI can be much easier than you think. Click here to see our pricing form.

Learn about this author

Eytan Raphaely

Eytan Raphaely is a digital marketing professional with a true passion for writing things that he thinks are really funny, that other people think are mildly funny. Eytan is a graduate of University of Washington where he studied digital marketing. Eytan has diverse writing experience, including studios and marketing consulting companies, digital comedy media companies, and more.

What is a Hardware Security Module?