Utimaco Hardware Security Module (HSM)


Organizations have become critically reliant on the internet for their business workflows. Because of this increased exposure, they face new threats on a daily basis, which dictates the incorporation of cryptographic services.

In the past, malicious adversaries targeted corporate sectors such as finance and banking, but today every platform is targeted. Hence, the protection of user data and information has been highlighted in every business sector. A vital element used to address some of these security issues is the HSM. PCI SSC has mandated the inclusion of HSM as a part of PCI DSS compliance.

This article covers the physical security requirements for HSMs.

Hardware Security Module (HSM)

An HSM is a dedicated hardware (physical) computing device that is responsible for secure key life cycle management and for providing performance-enhanced, accelerated crypto operations. Corporate organizations and banks have expanded their businesses around the world through e-commerce.

HSMs are widely deployed by enterprises to protect clients' sensitive information and business transactions. The HSM is the security component that acts as the backbone of the organization's cryptographic infrastructure. It protects the crypto keys at every phase from generation to destruction, which also includes the physical security of cryptographic keys and sensitive data against unauthorized access and adversaries.

The tasks performed by an HSM can be categorized as:

  • Hardware-based secure key generation & management (storage, distribution, backup, and destruction)
  • Protection (Physical & Logical) of sensitive data and cryptographic key material
  • Accelerated Crypto (Symmetric/Asymmetric/Hash) Operations

PCI SSC & PCI DSS

PCI SSC (Payment Card Industry Security Standards Council) is a governing body established in September 2006 as a joint venture by MasterCard, American Express, Visa, JCB International and Discover Financial Services. It holds the mandate of managing the development in PCI and alignment of the company’s policies to PCI DSS (Payment Card Industry Data Security Standard).

PCI DSS is an information security standard intended to prevent credit card scams and numerous other security threats and vulnerabilities. Credit and debit card providers such as MasterCard and Visa implement the mechanisms and security controls specified and suggested in PCI DSS. The entities that store, process, and transmit card information also implement PCI DSS. The importance of the HSM is evident from the fact that it has been defined as a role and mandatory component for PCI DSS compliance.

Read more (use below direct URL)

https://bit.ly/2SyMm7P