Digital Transformation: Scaling Security Processes

Digital Transformation: Scaling Security Processes based on a Converged Crypto Platform - Utimaco

All areas of life are either or about to enter an accelerated process of digital transformation. In financial services, government, health, automotive, consumer facing processes and applications are increasingly becoming digitally implemented. The emerging internet of things, intelligent algorithms, big data and  universal  connectivity are accelerating the advent of ubiquitous digital services. Cashless payments become the norm rather than the exception, mobility becomes integrated and autonomous.

With the transparency and comparability of offers, non-existent transfer costs, customers become more demanding in their quest for an enhanced and customer-centric user experience.

As enterprises defend their market position in increasingly competitive environments and shrinking margins, companies evolve into service-integrating platforms, digitally supplying offers of meshed services, available across corporate boundaries and spread across a hybrid cloud.

What started in the telecommunication sector in the 1990s has reached security-sensitive sectors like financial services  and  government, as well as safety-oriented industries such as automotive, aviation and manufacturing, where platform-oriented value nets dynamically create new service compositions.

 Security Processes Gain Relevance Across Industries

The quantity of simultaneously performed  security-relevant digital processes requires high performance (e.g., in high frequency transaction processing),  identity and access management (IAM) for securing the hybrid multi-cloud enterprise, data handling or bulk invoicing.

Security Processes Gain Relevance Across Industries

 

Digital transformation creates open flanks for cybercriminals. Security breaches have increased by 67% since 2014. By the end of 2021, the expected annual damage through cybercrime is estimated to reach $ 6 trillion (source: CyberObserver).

Gartner expects the worldwide spending on cybersecurity to reach $ 133.7 billion by 2022 (Gartner).

 Variety and Agility in the Root of Trust

The Root of Trust to financial services or enterprise-grade security processes are Hardware Security Modules (HSM), generating, safeguarding and managing cryptographic keys to perform encryption and decryption functions.

Typical HSM-related use cases are transaction & payment processing, code signing, identity & access management, public key infrastructures, digital signature creation, blockchains, or time stamping.

Variety and Agility in the Root of Trust

 

HSM technology has been developed to meet compliance standards that would be dependent upon the market and field of application. For example, payment servers require compliance to the Payment Card Industry standard PCI-HSM. Security processes like PKI require compliance to the FIPS-140-2/-3 standard, digital signatures need HSMs compliant to the eIDAS regulation, etc.

The composition of standards and regulated cryptographic algorithms may not remain the same over the life-time of the security architecture. Algorithms are becoming insecure over time as research and computing power progress, as well as cybercriminal inventiveness. This will lead to a continuous need for replacement.  A noted example is the 3DES-algorithm, which was officially being retired by NIST on July 19, 2018. In view of the advancing quantum computers and the ephemerality of “safe” algorithms, the American National Institute of Standards and Technology NIST even suggests “candidate algorithms” until it will be safe to speak of a standard.  Therefore, security infrastructure will require a high level of crypto-agility to be able to evolve with required standards and developing security requirements.

 Converging and Simplifying the Root of Trust

In a study of 50 major data breaches, conducted by Boston Consulting Group, 72% of the failures were the result of “ an organizational failure, a process failure, or employee negligence.”

No wonder, given the quantity, dynamics and decentralization of composite services.

A big challenge is the diversity and heterogeneity of related data security infrastructures, leading to high cost of ownership and susceptibility to errors.

HSMs need to be able to protect data across the hybrid cloud, from the local datacenter to a third party cloud. It is vital that the operating company – the ‘data controller’ (regardless of whether it is a financial institution or an automotive manufacturer) maintains ownership of the keys, to avoid a vendor lock-in with a cloud operator but also to prevent access to unencrypted data by third parties.

Given the many different applications and regulations that require a level of compliance; HSMs are an important cost factor, as often many of these modules are needed to satisfy multiple requirements.

The increasing need for HSMs and the tendency towards service based infrastructures requires a cloud-agnostic HSM solution, able to seamlessly bridge the gap between on-premise and cloud deployments.

The first cloud HSMs which were available in the market since 2017 were able to configure policies per tenant however, they still were not able to satisfy the requirement for individual firmware, which forced users to deploy different hardware for different certification requirements.

Converging and Simplifying the Root of Trust

 

This is where Utimaco delivered a disruptive innovation in 2021 –  a fully containerized cloud HSM. With individual firmwares per container, Utimaco’s u.trust Anchor provides FIPS and PCI compliance in one platform, and satisfies requirements like non-repudiable digital signing or the useof quantum-safe algorithms (candidates).

Chart containerized cloud hsm

Hardware consolidation is essential in order to eliminate the requirement for multiple devices. In turn, processes would be streamlined and workloads reduced, resulting in a minimised risk of human error. The total cost of ownership is minimized on two axes. Firstly, commissioning and maintenance effort is reduced. Secondly, the number of HSMs decreases. In fact the u.trust Anchor hosts up to  32 containerized HSMs in one module and  efficiency of 40,000tps.

Considering the rapid transformative shift in security-relevant industries such as  the financial services  and automotive sectors, the u.trust Anchor platform is clearly best-in-class – it is the right product at the right time.

Productos relacionados

Productos relacionados

¿En qué podemos ayudarle?

Hable con uno de nuestros especialistas y descubra cómo Utimaco puede ayudarle hoy mismo.
Ha seleccionado dos tipos diferentes de Download, por lo que necesita presentar formularios diferentes que puede seleccionar a través de las dos pestañas.

Su(s) solicitud(es) de Download:

    Al enviar el siguiente formulario, recibirá enlaces a las descargas seleccionadas.

    Su(s) solicitud(es) de Download:

      Para este tipo de documentos, es necesario verificar su dirección de correo electrónico. Recibirá los enlaces a las Download seleccionadas por correo electrónico después de enviar el siguiente formulario.

      Descargas de Utimaco

      Visite nuestra sección de descargas y seleccione recursos como folletos, fichas técnicas, libros blancos y mucho más. Puede ver y guardar casi todos ellos directamente (pulsando el botón de descarga).

      Para algunos documentos, es necesario verificar su dirección de correo electrónico. El botón contiene un icono de correo electrónico.

      Download via e-mail

      Al hacer clic en dicho botón se abre un formulario en línea que le rogamos rellene y envíe. Puede recopilar varias descargas de este tipo y recibir los enlaces por correo electrónico simplemente enviando un formulario para todas ellas. Su colección actual está vacía.