Thales Hardware Security Modules (HSM)
Some keys need bulletproof protection
Strong protection of keys is the foundation of security in any system protecting data transfer, managing keys or performing authentication of entities, such as users or devices.
The protection becomes especially important in hierarchical systems, such as PKI (Public Key Infrastructure), where a large number of entities rely on a trusted party, called the CA (Certificate Authority). The validity of each issued certificate and consequently, trustworthiness of the entire system, is based on the protection of the CA. Should the security of the CA keys be compromised, all the issued certificates would have to be re-issued and re-installed, causing dramatic vulnerability and economical consequences.
HSMs enable ultimate security for PKI
When a Hardware Security Module (HSM) is used, all the processing of certificate issuance and validation occurs within the module. The private keys are never accessible nor are in a readable format outside the HSM.
While it’s possible to deploy a PKI without HSMs, handling CA keys outside the cryptographic boundary of the HSM makes the system more vulnerable to attacks. Thus Insta recommends HSMs for critical environments, such as public sector and security-conscious enterprises. Depending on the application’s security classification, HSMs may be required to fulfill the audit requirements.
Besides strong key protection, HSMs also provide other unique security functions such as true random number generation and capability to run custom code within the protection of the module. The custom code execution can be used to ensure maximum security for critical business applications.
Insta PKI and Thales HSMs interoperate seamlessly
We have chosen industry-leading Thales HSMs to accompany our PKI based solutions. Thales products provide best-in-class security and are certified to strict security standards including FIPS 140-2 Level 3 and Common Criteria EAL 4+.
Insta is a Thales ASAP (Alliance for Solution and Application Providers) partner. The partnership ensures, for example, that Insta Certifier CA product and our CA services integrate seamlessly with Thales nShield HSMs, making it easy to deploy best practice security solutions. Insta Certifier and Thales HSMs are used worldwide in mission-critical applications, providing a field-proven, reliable combination for high security PKI.
Insta supplies world-leading HSMs through Thales partnership
Being a Thales Channel Partner, we resell Thales’s security products in Finland, enabling us to provide the broad range of Thales’s data protection products for our customers.
The Thales nShield family of general purpose HSMs includes network-attached standalone appliances, embedded PCI/PCIe cards and portable USB-based modules to address your specific security needs and deployment environment.
You can find a full view on Thales’s HSM range here.
Please contact us for HSM pricing and more information on our high security PKI solutions.