What is HSM? How Hardware Security Modules work


All data is not equal. Some data is more important. Even the business data. We protect all the business data. But there is a small fraction of data, that is on a completely different level, much more important. It requires extra special security measures.

Think of it as your home, a house. We care for our stuff. We have our belongings in a house, which protects them. We close the windows, lock the doors and install burglar alarms. But then there is also more precious stuff like jewellery or important family documents, photos, a last will. We put that in a – safe!

In a corporate digital environment HSM was developed as such a safe. Instead of a house we have corporate digital network, instead of belongings we have network assets and data. Data is secured in a network by regular security measures, but some data we will put in a safe, in an HSM or Hardware Security Module. Hardware – because it’s usually a physical device, an appliance or an extension card. Security – because it’s additionally secured, hardened on a physical, electronic and OS level. Hardening prevent unauthorized physical or electronic access to its contents, or shows immediate signs of tempering. A criminal trying to open it might for instance cause a destruction of its content instead of gaining access to it.

What kind of data do we store in HSM? Theoretically it could be anything that is precious to us. But most commonly it safeguards and manages digital keys and related stuff for strong authentication. If encryption secrets are stolen, it’s like stealing keys to a house, criminals could read all your other data. But why not combine storage and heavy processing? That’s why modern HSMs are also powerful crypto-processing appliances. We use them to store encryption secrets and perform fast cryptographic operations like encryption, document signing, timestamping etc. Very often they are used to protect financial networks and transactions, we call them Payment HSMs, like for instance Atalla products. Others can be more broadly used for all kind of security and cryptographic purposes, like Utimaco products.