A Hardware Security Module (HSM) is a physical security device that safeguards and manages digital keys, performs encryption and decryption, provides strong authentication, and often has tamper detection and prevention built into the device itself. Each HSM contains one or more secure ‘cryptoprocessor’ chips to prevent tampering and ‘bus probing’.
A common example of HSMs in our daily lives is our use of Automated Teller Machines (ATMs). We all possess ATM or debit cards that allow us to access our bank accounts. When you insert your card into the machine, the 4-digit PIN you enter is verified against the reference PIN known to the card issuer. Similarly, this is how a network administrator would gain access to sensitive information: they would use their physical security card (or device) along with another form of authentication, such as a password they know or biometric information (fingerprint, retina scan). HSMs are used as a form of two-factor authentication when attempting to access critical data in a network or system.
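The ATM PIN check above illustrates the core property of an HSM: the secret key stays inside the device, and only a yes/no answer comes out. The following is an added, simplified software model of that boundary (not code from CyberHoot, and not a real HSM or PKCS#11 API): the issuer's HSM derives a PIN verification value (PVV) at card issuance, the issuer stores only the PVV, and at transaction time the HSM compares the entered PIN in constant time without ever exposing the verification key. The card number, key and PIN are constructed sample values.

```python
import hashlib
import hmac
import secrets
from typing import Optional


class SimpleHsm:
    """Software stand-in for an HSM boundary (illustrative model only).

    The PIN verification key (PVK) lives only inside this object; no method
    returns it. A real HSM enforces this with hardware, not Python conventions.
    """

    def __init__(self, pvk: Optional[bytes] = None) -> None:
        self._pvk = pvk if pvk is not None else secrets.token_bytes(32)

    @staticmethod
    def _valid_pin(pin: str) -> bool:
        return pin.isdigit() and len(pin) == 4

    def _pvv(self, pan: str, pin: str) -> bytes:
        # Bind the PIN to the card number (PAN) so the same PIN on two
        # different cards yields different verification values.
        return hmac.new(self._pvk, f"{pan}:{pin}".encode(), hashlib.sha256).digest()

    def generate_pvv(self, pan: str, pin: str) -> bytes:
        """Issuer side, run once at card issuance; the issuer stores only the PVV."""
        if not self._valid_pin(pin):
            raise ValueError("PIN must be exactly 4 digits")
        return self._pvv(pan, pin)

    def verify_pin(self, pan: str, pin: str, stored_pvv: bytes) -> bool:
        """Transaction side: only a boolean leaves the boundary."""
        if not self._valid_pin(pin):
            return False
        return hmac.compare_digest(self._pvv(pan, pin), stored_pvv)


# Constructed sample values: fixed key so the results are deterministic.
SAMPLE_PAN = "4000000000000002"
hsm = SimpleHsm(pvk=b"\x01" * 32)
STORED_PVV = hsm.generate_pvv(SAMPLE_PAN, "1234")


def demo() -> dict:
    """Exercise the model: correct PIN, wrong PIN, wrong card, malformed PIN."""
    return {
        "correct_pin": hsm.verify_pin(SAMPLE_PAN, "1234", STORED_PVV),
        "wrong_pin": hsm.verify_pin(SAMPLE_PAN, "1235", STORED_PVV),
        "wrong_card": hsm.verify_pin("4000000000000010", "1234", STORED_PVV),
        "bad_format": hsm.verify_pin(SAMPLE_PAN, "12a4", STORED_PVV),
    }


if __name__ == "__main__":
    print(demo())
```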
What does this mean for an SMB?
Network administrators at an MSP or SMB may not have much reason to work with an HSM to secure their company or network. The exception is high-security SMBs working on government contracts that need to protect CUI, ITAR, or Top Secret data; in these cases, they may receive an HSM from the government to protect the data entrusted to them. For most others, an HSM is not likely to be used or needed. While HSMs have their place, it is more important for MSPs and SMBs to implement the other security tools listed below. CyberHoot recommends the following best practices to protect individuals and businesses against, and limit damage from, online cyber attacks:
- Adopt a password manager for better personal/work password hygiene
- Require two-factor authentication on any SaaS solution or critical accounts
- Require 14+ character passwords in your governance policies
- Train employees to spot and avoid email-based phishing attacks
- Check that employees can spot and avoid phishing emails by testing them
- Back up data using the 3-2-1 method
- Incorporate the Principle of Least Privilege
- Perform a risk assessment every two to three years
Sources: