The ABCs of an HSM Health Check

Hardware Security Modules operating in lights-out data centres are fundamental pieces of infrastructure in any credible cybersecurity environment, silently securing PKIs, banking transactions, blockchains, databases and other business-critical digital assets.

Whilst it remains true that hosting sensitive key material within an HSM is always best practice (Heartbleed showed what happens when private keys sit in application memory), deploying an HSM alone is no silver bullet. An incorrectly configured device gives false assurance while still ticking many superficial compliance boxes, and the business impact of getting it wrong can be devastating: DigiNotar Files for Bankruptcy in Wake of Devastating Hack.

Deploying an HSM alone is no silver bullet – Alastair Taylor

A deployment pattern we frequently encounter is an HSM estate commissioned for a particular business need: teams are stood up, best-practice guidelines are drafted and followed, ‘God level’ credentials are distributed across security officers, and redundancy and failover are tested. The system goes live without a hitch.

As the weeks, months and years tick by, people and knowledge leave the organisation. New cryptographic standards emerge. The estate continues to operate seamlessly in the background. Then a business requirement or disaster recovery incident necessitates some updates, some reporting or some maintenance on the HSM. Where do you start?

Here at Salt Group, we have a team of battle-hardened professionals with deep real-world experience of the good, the bad and the ugly of HSM deployments, from the early-90s iteration, where an HSM was a simple co-processor offloading cryptographic workload, to the sophisticated multi-tenanted devices that exist today.

We offer a standard health check service in which we examine the various aspects of your estate:

  • Are you running the manufacturer’s recommended firmware? If not, do you need to, and are there product updates that would benefit your use cases?
  • Are there any hidden nasties or suspicious activities in the audit logs?
  • Are the top-level master keys generated when the estate was commissioned still of sufficient strength and quality by today’s standards?
  • How is your HSM partitioned, and is there appropriate key separation between applications?
  • Do you know who your HSM security administrators are, where they are and, more importantly, where their smart cards are? Are they readily available, and are their credentials known?
  • Which clients are connected to the HSM, and do their access requirements match the access the HSM actually grants them?
  • Are key management procedures documented and followed, and how often do you roll key material?
  • Where are your backups held?
  • Are your redundancy, failover and recovery strategies suitable for current business needs?

At the end of the engagement, we produce a written report with action items graded in terms of severity and priority.
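As an added illustration, not Salt Group's tooling or report format: a small Python checker that encodes the questions above as automated tests over an estate inventory and grades the findings by severity, the way the written report does. The inventory schema, the thresholds, the vendor name "ExampleVendor" and its firmware baseline are assumptions made for the example, the two HSM records are constructed, and the M-of-N quorum check is my reading of "are they readily available" (a card whose holder has left or whose location is unknown cannot be presented). In practice the inventory would be exported from the vendor's management tools and the thresholds would come from your own security policy.

```python
# Added example (not Salt Group's tooling): an HSM estate inventory checked against
# the health-check questions, with findings graded by severity. Schema and thresholds are assumptions.
from collections import namedtuple
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional, Tuple

# Assumed policy thresholds; align these with your own security policy.
MAX_KEY_AGE_DAYS = 365                               # application keys older than this need rolling
MIN_RSA_BITS = 3072
WEAK_MASTER_KEY_ALGS = {"DES", "3DES", "AES-128"}    # assumed list, not a vendor statement
RECOMMENDED_FIRMWARE = {"ExampleVendor": (7, 4, 0)}  # assumed vendor baseline (major, minor, patch)
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}

Finding = namedtuple("Finding", "severity hsm text")


@dataclass
class Custodian:
    name: str
    card_location: Optional[str]   # None: nobody knows where the smart card is
    active: bool                   # False: the person has left the organisation


@dataclass
class Hsm:
    name: str
    vendor: str
    firmware: Tuple[int, int, int]
    master_key_alg: str
    master_key_bits: int
    partitions: Dict[str, List[str]]   # partition -> applications whose keys live in it
    custodians: List[Custodian]
    quorum: int                        # custodian cards required for security-officer operations
    key_last_rolled: Dict[str, date]   # application key label -> date last rotated
    backup_location: Optional[str]


def check_hsm(h: Hsm, today: date) -> List[Finding]:
    """Apply the checklist to one HSM; returns its findings in checklist order."""
    out = []
    # Firmware against the recorded vendor baseline.
    baseline = RECOMMENDED_FIRMWARE.get(h.vendor)
    if baseline is None:
        out.append(Finding("low", h.name, "no recommended firmware baseline recorded for vendor"))
    elif h.firmware < baseline:
        out.append(Finding("medium", h.name, f"firmware {h.firmware} is below baseline {baseline}"))
    # Master key strength: legacy algorithms or short RSA moduli.
    if h.master_key_alg in WEAK_MASTER_KEY_ALGS or (h.master_key_alg == "RSA" and h.master_key_bits < MIN_RSA_BITS):
        out.append(Finding("high", h.name, f"master key {h.master_key_alg}-{h.master_key_bits} is below policy strength"))
    # Partitioning: several applications in one partition means no key separation.
    for part, apps in h.partitions.items():
        if len(apps) > 1:
            out.append(Finding("medium", h.name, f"partition '{part}' shared by {', '.join(apps)}: no application key separation"))
    # Custodians: departed staff, lost cards, and whether a quorum is still reachable.
    usable = 0
    for c in h.custodians:
        if not c.active:
            out.append(Finding("high", h.name, f"custodian {c.name} has left but still holds a security-officer card"))
        elif c.card_location is None:
            out.append(Finding("medium", h.name, f"location of {c.name}'s smart card is unknown"))
        else:
            usable += 1
    if usable < h.quorum:
        out.append(Finding("high", h.name, f"only {usable} usable card(s) for a {h.quorum}-card quorum: admin operations and recovery are blocked"))
    # Key rotation age.
    for label, rolled in h.key_last_rolled.items():
        age = (today - rolled).days
        if age > MAX_KEY_AGE_DAYS:
            out.append(Finding("low", h.name, f"key '{label}' last rolled {age} days ago"))
    # Backups.
    if h.backup_location is None:
        out.append(Finding("high", h.name, "no recorded backup location"))
    return out


def health_report(estate: List[Hsm], today: date) -> List[Finding]:
    """Findings for the whole estate, highest severity first (stable within a severity)."""
    findings = [f for h in estate for f in check_hsm(h, today)]
    findings.sort(key=lambda f: (SEVERITY_ORDER[f.severity], f.hsm))
    return findings


# Constructed sample estate: one well-kept production HSM and one neglected legacy unit.
TODAY = date(2024, 6, 1)
SAMPLE_ESTATE = [
    Hsm("hsm-prod-01", "ExampleVendor", (7, 5, 1), "AES", 256,
        {"pki": ["ca-signer"], "payments": ["pin-translate"]},
        [Custodian("Alice", "safe 1", True), Custodian("Bob", "safe 2", True), Custodian("Carol", "safe 1", True)],
        quorum=2, key_last_rolled={"ca-signer": date(2024, 1, 15)}, backup_location="offsite vault B"),
    Hsm("hsm-legacy-02", "ExampleVendor", (6, 2, 0), "3DES", 168,
        {"default": ["payments", "pki"]},
        [Custodian("Dave", None, True), Custodian("Erin", "safe 3", False), Custodian("Frank", "safe 1", True)],
        quorum=3, key_last_rolled={"tls-signing": date(2019, 3, 1)}, backup_location=None),
]

if __name__ == "__main__":
    for f in health_report(SAMPLE_ESTATE, TODAY):
        print(f"[{f.severity.upper():6}] {f.hsm}: {f.text}")
```

Run as a script it lists the legacy unit's eight findings first, highs at the top. The quorum finding is the one worth dwelling on: each departed custodian or misplaced card is individually survivable, and nothing in day-to-day operation reveals the problem, until the number of cards that can actually be presented drops below M of N and the next maintenance or recovery task cannot proceed.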

We can also deliver deeper bespoke services arising from the health check: filling knowledge gaps with fresh training, reviewing system design and architecture, and identifying other business applications that would benefit from an HSM, delivering an improved return on your existing hardware assets.

Good cryptographic hygiene does not start and end with key material protected in tamper-resistant hardware. Periodically revisiting the above checklist will give you assurance that your estate is operating effectively, securely and efficiently.

The Salt Group HSM Health Check reviews an existing HSM deployment and validates the operation, protection, operational usage and recovery capabilities of the environment. These items are reviewed against a set of best practices and any accompanying customer security policies. The HSM Health Check helps ensure the solution meets the customer’s current business needs and will continue to do so.

Reach out and I can help with how to approach your next health check – Alastair