Expand your HSM’s reach

Introduce your HSM to hundreds of new cloud and on-premise use cases

HSM Extension and Consolidation Overview

Enterprises world wide leverage HSMs as a primary secure storage mechanism for cryptographic keys.  And yet extending and expanding the value of legacy HSMs to new workflows, both on-premise and in the cloud, can present complex trade-offs and potential limitations.  If your company has invested significant resources purchasing, integrating, and maintaining Hardware Security Modules (HSM) with multiple products across multiple vendors and yet are hitting a wall securely innovating into agile workflows, contact KeyNexus.

What is HSM Extension?

Data-centric workloads are moving beyond the enterprise perimeter and into cloud, SaaS, & mobile.  Security workflows – encryption, authentication and signing – have migrated to end-point services, apps and software.  Though long the gold standard of on-premise secure key storage and data encryption, it can be increasingly challenging to maximize HSM value elsewhere, buried as they are, deep within the enterprise perimeter.  Reduced relevance of HSMs in supporting important new workflows make it a challenge to justify HSM cost.

KeyNexus’ pioneering solution increases HSM consumption and management efficiency and extends the reach of your HSM’s to a multitude of new workflows.  Plus, we’ll help you seamlessly layer on new, integrated features like advanced key management capabilities and key-level security policies.   KeyNexus HSM extension projects the value of HSM’s into your most in demand workflows.

What is HSM Consolidation?

Enterprises expend serious resources on training, maintaining, and integrating, multiple HSM brands and models, across multiple regions, data centers and business units.  With KeyNexus HSM consolidation, you manage your diverse HSM install-base in a single, unified key management platform that abstracts and unifies differences across all HSM lines. A single, GUI-based platform to interact with, means efficiency and cost savings.

Moreover, KeyNexus provides an array of simple key management and consumption integration points, such as APIs, REST and KMIP, so developers no longer need to interact directly with differing hardware. Since each HSM brand and model is different, and exposes different capabilities, HSM consolidation creates a common interface and layers on new features, policies and use cases.

More about HSMs

Significant changes in IT have impacted HSM’s value proposition across modern workflows. With corporate data and workflows distributed into cloud, SaaS and mobile environments, encryption functions are migrating to endpoints. Enterprises often provision keys into workloads outside of their control (think native encryption in a SaaS platform or IaaS-based object storage encryption). As a countermeasure, to ensure sole ownership and control, enterprises typically protect sensitive keys on-premise.

Since HSMs are meant to be well-removed from the corporate perimeter (Internet), behind several firewalls, enterprises struggle to leverage them in cloud, SaaS and mobile workflows.  HSMs typically also lack advanced key management capabilities, scalability, multi-tenancy, key/user-level policy enforcement and, importantly, connectivity to a broad array of use cases including KMIP, REST, and APIs in all major programming languages. Moreover, the hardware/firmware nature of HSMs means vendors cannot responsively provide security updates and new features/policies on request.  As a result HSMs and key management are increasingly seen as separate processes and activities.

KeyNexus solves these HSM-based challenges, while simultaneously allowing enterprises to increase the value of existing HSM infrastructure.  Eliminate reliance on multiple vendors and multiple proprietary key management solutions. With KeyNexus you get a single key management consolidation layer fronting multiple HSM brands (as well as a host of software-based and DIY methods).  KeyNexus provides much needed HSM and enterprise-wide key management consolidation, and also enables cloud and SaaS workflows enterprises want most.  New security policies and features, are automatically imposed against keys stored in the HSM, behind KeyNexus.  Now, securely provision keys from HSMs and inject them into multiple, distributed cloud/SaaS/mobile workflows.  Enterprises can now choose whether and how to migrate away from hardware dependencies reducing CapEx, risk, and complexity.

What is Key Extraction and Provisioning?

HSMs have historically been used to perform out-of-band encryption for local workloads because required encryption keys could not be extracted from HSM, hence the data had to pass through the HSM. With security workflows, such as encryption, moving out to the end-points, often outside the corporate perimeter, the option to send data back to the enterprise’s on-premise HSM isn’t practical, performant, or secure. As a result extraction and provisioning keys and other sensitive objects from on-premise or cloud-based HSMs has become paramount to supporting modern workflows. Since all HSM brands are different, this challenge is particularly daunting for enterprise security teams.

KeyNexus HSM-based key storage allows users to securely & simply provision keys via devops-friendly interfaces such as APIs, REST and KMIP and inject them into distributed security workflows.  Abstracting your HSMs means you protect a greater variety of sensitive secrets and user-defined objects beyond HSM published specs.  Similarly, KeyNexus allows you to hugely multiply the number of keys and sensitive objects protected by any single HSM.  For more information on how KeyNexus enables these unique advantages, please contact us.

Why KeyNexus?

KeyNexus platform technology front-ends your HSMs radically expanding reach and relevance while extending the lifespan of expensive capital investments.  Expand your HSM to support 100’s of fresh use-cases and new capabilities such as multi-tenancy, GUI-based management, and advanced policy control. Free up your technical staff for other important projects and improve your bottom-line.

With KeyNexus, you configure once and then never have to deal directly with your HSM again!  Contact us.