Hardware Security Module(HSM) Management
A Hardware Security Module(HSM) is a dedicated hardware or virtual appliance designed for secure storage and management of cryptographic key material. HSMs are hardened, tamper resistant devices that act as trust anchors for cryptographic infrastructure.
There are many use cases for these devices, supporting encryption, decryption, authentication and digital signing to name a few, but management and administration can be complex and costly.
Whether you have existing HSM infrastructure or are looking to deploy new devices, KT Secure can help.
HSM Audit and Analysis
If you have an existing HSM estate, KT Secure can conduct a full audit and analysis. This in-depth exercise covers the entire HSM estate and can extend to include associated secure assets such as physical keys and passwords.
A typical audit and analysis project may include:
- Appliance Health
- Backup appliances
- PED Keys
- PINs
- Passwords
- Appliance and partition policies
- Partitions
- Partition Contents
- Clients
In addition, we can also review and audit surrounding processes including password management, physical key management, physical security and access control.
HSM Health Check
In addition to our audit and analysis service, we can also perform in-depth health checks of your HSM infrastructure. KT Secure can provide best practice guidance to tune your HSM infrastructure for your enterprise needs.
Health checks can be fully comprehensive or target specific areas depending on your requirements:
- Software and firmware versions
- Upgrade paths
- Logging and monitoring
- Storage
- High Availability
- Security
- User Security
- Role-based Access Control
- Appliance and partition policies
HSM Support
If you need additional support for your HSM environment, KT Secure can provide remote support and single pane of glass management for your appliance estate. Our support packages are fully flexible – supporting anything from a single partition to a full multi-site highly available HSM deployment.
Support packages can include ‘business as usual’ activities such as:
- Partition capacity management and monitoring
- Partition creation/deletion/resizing
- User creation/deletion
- PED, PIN and password provisioning and management
- Deployment
- Cloning
- High Availability
HSM Backup and Restore
HSM infrastructure can become critical to an enterprise, and backup is a crucial task that is often overlooked. KT Secure can provide bespoke managed backup services for your HSM infrastructure, ensuring that data can be restored in the event of a disaster.
Our backup services are fully customisable and incorporate restoration testing to ensure data integrity:
- Configuration backup and restoration
- Partition backup and restoration, including item-level restoration
- Disaster recovery
- Archival
- Migration
Hardware Security Module Process Management
As with any critical secure asset, HSM deployments come with a considerable amount of management and administrative overhead. KT Secure can assist with the development of processes, procedures and supporting documentation to support your deployment.
Example processes may include:
- User management
- Client management
- Certificate management
- Log management
- Secure asset management (PEDs, PINs, passwords)
- Backup appliance management
- Secure storage requirements
Hardware Security Module Client Management
While managing the HSM appliances is of the utmost importance, it is also essential to maintain the client-facing infrastructure. The HSM clients interact with the HSM directly, providing an interface for your applications to perform secure operations.
KT Secure can deploy, manage, maintain and audit your HSM clients and provide best practice guidance to suit your environment including:
- Audit and discovery
- Security
- Installation
- Configuration
- Upgrades
- Monitoring
- Maintenance
- Health Checks
- Logging
- High Availability