3 Trends Show the Growing Importance of HSMs Among Organizations

essidsolutions

Organizations are increasingly turning to hardware security modules (HSMs) to protect their public cloud-based application, according to the Entrust 2021 Global Encryption Trends Study. John Grimm, vice president of strategy, Entrust, dives deeper into the implications of these findings.

By the end of 2021, GartnerOpens a new window expects spending on public cloud services to grow 23%, exceeding $330 billion worldwide. As organizations increasingly use the cloud to store and manage sensitive information, they are also upping the ante on security practices. 

The Entrust annual Global Encryption Trends StudyOpens a new window , conducted by the Ponemon Institute, found that organizations are turning to hardware security modules (HSMs) to protect their public cloud-based applications. Let’s take a deeper dive into the findings and their implications.

But First, What Is an HSM, and Why Does It Matter?

Would you leave the keys to your home outside in a discoverable spot? Or make your signature easily reproducible for identity thieves? Of course not. You would make sure your keys are secure, and your signature is difficult to forge.

Just like your personal assets, a business’s data assets also need multiple safeguards in place. In the case of cryptographic solutions, like encryption and digital signature solutions that require private keys, securing the keys used to unlock confidential information or prove authenticity is critical.

Organizations are increasingly turning to HSMs to provide an additional layer of security. HSMs are certified, tamper-resistant devices that manage the key lifecycle and protect cryptographic operations within a secure boundary. They help organizations meet regulatory requirements, protect security-critical operations, and build trust with customers.

HSM controls and policies safeguard access to keys and key usage and help mitigate the risk of impersonation or a data breach. Organizations can manage HSMs on their own or subscribe to an HSM-as-a-service, enabling greater flexibility to scale as needed. 

Learn More: What’s Next for DevOps Automation?

Global Encryption Trends’ Findings on HSMs and the Cloud

The Ponemon Institute’s research found that nearly half of businesses are turning to HSMs that support cloud-based platforms. As digital transformation and the Internet of Things (IoT) expand, organizations are strengthening their encryption practices to secure increasingly dispersed data. 

The 2021 Global Encryption Trends StudyOpens a new window surveyed 6,610 individuals across industries in 17 countries and regions. Conducted annually since 2005, the study examines how encryption is evolving and impacting organizations’ security. The report found a number of trends relating to HSMs, including:

1. HSMs are growing in importance and usage

Over the past eight years, HSM deployment has risen steadily. In 2012, the first year asking about HSMs, only 26% of respondents used an HSM in their organization. Today, almost half (49%) of organizations globally deploy HSMs. 

And HSM usage differs depending on your location in the world. The United States (72%), Germany (70%), Middle East (68%), and Japan (63%) are most likely to deploy HSMs out of the 17 regions surveyed. This may be due to the fact that the United States, Germany, and Japan are the top countries that transfer sensitive or confidential data to the cloud. 

The operational importance of HSMs has doubled over the past eight years. Today, 66% of respondents, compared to 33% in 2012, rate HSMs as either very important or important to their organization’s encryption or key management activities. The United States (81%), Middle East (76%), and the Netherlands (76%) are most likely to assign importance to HSMs. Both Germany (68%) and Japan (72%) also fall above the global average.

2. Use of HSMs in conjunction with public cloud-based applications is expected to rise

The use of HSMs in conjunction with public cloud-based applications is likely to increase in the next 12 months. The HSM models organizations are currently using and expect to use in 2021 include: 

  • About 49% of respondents currently own and operate HSMs on-premise at their organization, accessed real-time by cloud-hosted applications. In the next 12 months, 56% plan to use HSMs in this way.
  • About 39% of respondents currently rent or use HSMs from a public cloud provider hosted in the cloud. Respondents expect usage to stay the same in the next 12 months.
  • About 17% of organizations currently own HSMs to generate and manage BYOK (Bring Your Own Key) to send to the cloud for use by the cloud provider. In the next 12 months, 24% plan to use HSMs in this way.
  • About 14% of respondents own and operate HSMs that integrate with a Cloud Access Security Broker (CASB) to manage keys and cryptographic operations. The percentage of organizations using an HSM that integrates with a CASB will jump to 24% in the next 12 months.

Only 3% of respondents that currently use HSMs are not doing so with public cloud applications. In the next 12 months, this is expected to fall to 1% of respondents.

The rising use of HSMs for the cloud indicates businesses need more secure ways to protect access to data, especially as hybrid work continues. 

3. Organizations are centralizing HSM services

Nearly two-thirds of respondents (61%) have a centralized team that manages cryptography (including HSMs) within their organization. The remaining 39% say each individual application owner or team handles their own cryptographic services.

The shift to centralized management is a promising sign of strengthened security. The more siloed cryptographic systems are, the more difficult it is to enforce best practices across the organization and maintain skilled staffing. A unified approach to key management helps organizations achieve cryptographic agility, enforce and report on policy for audit purposes, and better respond to emerging threats.

Learn More: Benefits of an Enterprise Low-Code Platform for Manufacturers

The Internet of Things (IoT) Necessitates Stronger Encryption Practices

CIOs are under pressure to scale their public cloud infrastructure to meet the needs of a hybrid workforce. As a result, the use of HSMs to keep key management — and therefore business-critical information — secure is increasing. 

A single breach can jeopardize a businesses’ reputation and trust with customers. But the rising importance of HSMs shows that IT professionals are working to achieve higher levels of data security. In the Internet of Things (IoT) age, strong encryption practices will help organizations mitigate the risks, build customer trust, maintain high service levels and achieve agility.

Did you find this article helpful? Tell us what you think on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We’d be thrilled to hear from you.

Contact ESSID Solutions

    By clicking Send Message, you agree to our Terms of Use and Privacy Policy.

    Reach out to us for a free consultation on big data consultancy and development services.

    Contact

    Rua Alexandre de Sa Pinto 143
    1300-034 Lisbon
    Portugal

    [email protected] +351927159955
    Privacy Policy Terms of Service Refund and Returns Policy

    © 2024 ESSID SOLUTIONS LDA