
Today more than ever, organizations need a high level of security for their data and for the keys that protect that data. The lifecycle of cryptographic keys also demands careful management, so automating key lifecycle management is the right goal for most companies. This is where Hardware Security Modules, or HSMs, come in. HSMs provide a dedicated, tamper-resistant environment in which cryptographic keys are generated, stored and used, and they automate much of the lifecycle of those keys. But what is an HSM, and how does an HSM work?

What is an HSM?

A Hardware Security Module is a specialized, highly trusted physical device that performs the major cryptographic operations, including encryption, decryption, authentication, key management, key exchange, and more, on behalf of the applications that use it. Its single purpose is to generate, hold and use cryptographic material without ever exposing it. HSMs run a hardened operating system with a minimal attack surface, and their network interfaces are restricted and firewalled. They are also tamper-resistant and tamper-evident, and most are tamper-responsive: an attempt to open the enclosure zeroizes the keys inside. Combined with strictly controlled, authenticated administrative access, this makes extracting keys from an HSM far harder than extracting keys held on a general-purpose server.

For these reasons and more, HSMs are considered the Root of Trust in many organizations. The Root of Trust is the component in a cryptographic system that can be relied upon at all times, and on which every other trust decision ultimately rests. The strict security measures inside an HSM make it the natural Root of Trust for an organization's security infrastructure. Hardware Security Modules can generate, rotate, and protect keys, and the keys they generate are drawn from a dedicated hardware random number generator rather than from entropy an operating system has to collect opportunistically, which is what makes them suitable for long-lived root keys. HSMs are also normally placed on an isolated network segment, or attached directly to the host that uses them, rather than on the general corporate network. The practical consequence is that an attacker who compromises an application server can, at most, use the keys through the HSM's API for as long as the compromise lasts, and the HSM's event log records that usage; extracting the keys themselves would require defeating the device's physical protections.


Types of HSMs

There are two main types of Hardware Security Module:

  1. General Purpose

    General Purpose HSMs expose the standard cryptographic APIs, such as PKCS#11, Microsoft CAPI and CNG, and others, and support the common symmetric and asymmetric algorithms behind them. They are primarily used with Public Key Infrastructures, code signing, cryptowallets, and other sensitive data.

  2. Payment and Transaction

    The other type of HSM is a payment and transaction HSM. These types of HSM are created with the protection of payment card information and other types of sensitive transaction information in mind. These types of Hardware Security Module are narrower in the types of organizations they can work within, but they are ideal to help comply with Payment Card Industry Data Security Standards (PCI DSS).


As HSMs are used so widely for security, a number of standards and regulations have been put in place to ensure that Hardware Security Modules actually protect sensitive data as claimed. The first is the Federal Information Processing Standard (FIPS) 140-2, which specifies the security requirements a cryptographic module (hardware, firmware and software) must meet and against which modules are tested by accredited laboratories. FIPS 140-2 is a federal standard in both the USA and Canada, is recognized around the world in both the public and private sectors, and defines four security levels. Its successor, FIPS 140-3, is now the standard new modules are validated against, but the four-level structure carries over and existing 140-2 certificates remain in use, so the levels below are still what HSM buyers will encounter.

  • Level 1, the lowest level, requires only basic security: at least one approved cryptographic algorithm or security function, with no physical security requirements beyond production-grade components. It permits a general purpose computing platform running an unevaluated operating system. The requirements for FIPS 140-2 Level 1 are very limited, just enough to provide some assurance for sensitive data.
  • Level 2 builds on Level 1 by also requiring tamper-evidence (seals or coatings that show when the enclosure has been opened), role-based authentication, and, for software components, an operating system evaluated at Common Criteria EAL2 or higher.
  • Level 3 requires everything Level 2 does, along with tamper-resistance and tamper-response (the module detects an attempt to open its enclosure and zeroizes its keys), and identity-based authentication. Critical security parameters such as private keys can only enter or leave the module in encrypted form or, for manual entry, through split-knowledge procedures, and the ports and interfaces through which they pass must be logically separated from the other data interfaces. FIPS 140-2 Level 3 is the most commonly sought level, as it ensures the strength of the device while not being as restrictive as Level 4.
  • Level 4 is the most stringent FIPS level. The module must detect and respond to any penetration attempt on its enclosure with immediate zeroization, and must withstand environmental attacks such as voltage and temperature outside normal operating ranges. It is designed for products operating in physically unprotected environments.

Another standard used to test the security of HSMs is Common Criteria (ISO/IEC 15408). Common Criteria is a certification standard for IT products and system security. It is recognized all around the world and defines seven Evaluation Assurance Levels, EAL1 to EAL7. As with FIPS 140-2, the lowest level (EAL1) gives the least assurance and the highest (EAL7) the most; a higher EAL means a more rigorous evaluation of the product's design and development process, not necessarily a stronger product.

The final standard is the Payment Card Industry PTS HSM Security Requirements. This is a more in-depth standard, focusing on the manufacture, shipment, deployment, usage, and destruction of HSMs used with sensitive financial data and transactions.
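The mechanism the sections above describe, a key generated inside the module and used only through an API, with a clear-text export refused (the Level 3 rule for private keys) while the public half is freely available, in working Go. This is an added example, not code from the original article or from any HSM vendor. The simHSM type is a hypothetical in-process stand-in for the module boundary, and the handle scheme, error string and certificate subject are assumptions for the example. What the application sees is a crypto.Signer bound to a key handle, which is the shape Go PKCS#11 wrappers return; because x509.CreateCertificate accepts any crypto.Signer, a CA whose key lives in the HSM can issue certificates without the key ever leaving, which is how the Root of Trust role described earlier is realised in a PKI:

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"io"
	"math/big"
	"time"
)

// ErrNotExtractable is the module's answer to a clear-text read of a non-extractable key (CKA_EXTRACTABLE=false in PKCS#11 terms).
var ErrNotExtractable = errors.New("hsm: private key is not extractable")

// simHSM is a hypothetical stand-in for the module boundary: private keys exist only inside it, callers get integer handles.
type simHSM struct {
	keys map[int]*ecdsa.PrivateKey
	next int
}

// GenerateKey creates a P-256 key inside the module and returns its handle.
func (h *simHSM) GenerateKey() (int, error) {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return 0, err
	}
	h.next++
	h.keys[h.next] = k
	return h.next, nil
}

// ExportPrivate refuses unconditionally: at FIPS 140-2 Level 3 a private key may leave only wrapped, and no wrapping key is configured here.
func (h *simHSM) ExportPrivate(int) ([]byte, error) { return nil, ErrNotExtractable }

// hsmSigner is the application's view of a key: a crypto.Signer bound to a handle, the shape PKCS#11 wrappers for Go hand back.
type hsmSigner struct {
	hsm    *simHSM
	handle int
}

func (s hsmSigner) Public() crypto.PublicKey { return &s.hsm.keys[s.handle].PublicKey }

// Sign runs inside the boundary: only the digest goes in and the signature comes out.
func (s hsmSigner) Sign(r io.Reader, digest []byte, _ crypto.SignerOpts) ([]byte, error) {
	k, ok := s.hsm.keys[s.handle]
	if !ok {
		return nil, errors.New("hsm: unknown key handle")
	}
	return ecdsa.SignASN1(r, k, digest)
}

// IssueSelfSignedCA builds a root CA certificate over the module-held key; x509.CreateCertificate needs only a crypto.Signer.
func IssueSelfSignedCA(s crypto.Signer, cn string) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, s.Public(), s)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// DemoResult holds the two checks Demo performs.
type DemoResult struct {
	CertSelfCheck error // nil when the CA certificate verifies under its own public key
	ExportErr     error // what the module said to a clear-text export request
}

// Demo generates a key in the module, issues a CA certificate with it, then asks for the key in clear.
func Demo() (DemoResult, error) {
	hsm := &simHSM{keys: map[int]*ecdsa.PrivateKey{}}
	handle, err := hsm.GenerateKey()
	if err != nil {
		return DemoResult{}, err
	}
	cert, err := IssueSelfSignedCA(hsmSigner{hsm: hsm, handle: handle}, "Example Root CA")
	if err != nil {
		return DemoResult{}, err
	}
	_, exportErr := hsm.ExportPrivate(handle)
	return DemoResult{CertSelfCheck: cert.CheckSignatureFrom(cert), ExportErr: exportErr}, nil
}

func main() {
	r, err := Demo()
	fmt.Println("CA self-check:", r.CertSelfCheck, "export:", r.ExportErr, "error:", err)
}
```

To move from the simulation to a real module only simHSM changes: a PKCS#11 or vendor client generates the key with the non-extractable attribute set and performs Sign inside the device, and the rest of the program, including certificate issuance, stays as it is. Running it, the certificate verifies under its own public key while the export attempt comes back with ErrNotExtractable.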

Advantages to HSMs

Hardware Security Modules have a number of benefits, including:

• Meeting security standards and regulations
• High levels of trust, with strong authentication of operators and of the applications that use the keys
• Tamper-resistant, tamper-evident and tamper-responsive hardware that protects keys physically
• Security for sensitive data and cryptographic keys that software-only key stores cannot match, because keys are generated and used inside the module and never leave it in clear
• Quick and efficient automated lifecycle tasks for cryptographic keys
• Storage and management of cryptographic keys in one place, with one audit trail, as opposed to several different locations

    Free Downloads

    Datasheet of Encryption Consulting Services

    Encryption Consulting is a customer focused cybersecurity firm that provides a multitude of services in all aspects of encryption for our clients.

    Encryption Services

    About the Author

    President at Encryption Consulting LLC focusing on providing consulting to customers in the Applied Cryptography space.


    Cloud-Based VS On-Premises HSMs


The adoption of Public Key Infrastructure (PKI) has been going up steadily in enterprises across industry sectors and has been described in earlier articles [1]. PKI mechanisms such as certificate-based authentication, encrypted communication, certificate management, code signing, and others all combine to secure the enterprise. However, all the security benefits offered by PKI come to naught if the private keys used for these purposes are compromised. Therefore, the critical success factor (and biggest vulnerability) in PKI and in any cryptographic system is the safe storage and management of private keys. This is where a Hardware Security Module (HSM) comes in.

    HSM Overview

An HSM is a specialized, dedicated, physical cryptographic device or 'appliance' designed and built for key lifecycle management: generation, storage, management and exchange of cryptographic keys. HSMs are also used to offload cryptographic work from application servers, such as authentication, encryption/decryption, and digital signing. HSMs offer certified mechanisms for physical and logical security, tamper resistance, intrusion prevention and detection, event logging, and secure APIs for accessing the HSM. They separate cryptographic tasks from application business logic, and their dedicated hardware accelerators can sustain high rates of RSA and ECC operations. Whether that beats software on a modern server depends on the algorithm and the model, so take throughput figures for the specific key type from the vendor's datasheet rather than assuming an HSM is always faster; the more important gain is that the private key is never loaded into the application server's memory at all.

Traditionally, HSMs were set up 'on-premise', within the enterprise data center. The growth of cloud computing, especially over the last few years, has seen the emergence of 'Cloud based HSMs' or 'HSM as a Service'. Whether on-premise or cloud based, enterprises need to keep the following features in mind while selecting an HSM.


Certification:

Any HSM needs to be certified against international security standards such as Common Criteria and FIPS (Federal Information Processing Standards). Certification provides assurance that the design and build of the device meet a defined set of criteria. Check the validation certificate itself rather than the marketing claim: it lists the exact hardware and firmware versions and the security level that were tested, and a module running other firmware is outside the validated configuration. While certification is necessary, it is not sufficient, and the other criteria below need to be considered while selecting an HSM.

    User Interface (UI):

    The UI for HSM administration is often command-line based. Some providers may have a centralized management portal with a graphical user interface (GUI) and dashboard, which can ease some of the administration tasks.


Cryptographic algorithms:

Any HSM should provide a range of cryptographic algorithms (both symmetric and asymmetric) that can be used for multiple functions such as authentication, encryption, decryption, signing, timestamping, and others. A related factor is future readiness, such as firmware support for post-quantum algorithms, since keys and certificates issued today may need to be migrated later.


Automation:

Once the HSM is deployed, ongoing maintenance and management tasks take up most of the administration work. Automation features provided by the HSM vendor, such as scriptable administration and APIs for key rotation and backup, can reduce ongoing administration effort and cost.

[1] Earlier articles on PKI are available at

    Key backup:

Backups of keys must go to an environment with at least the same security level as the HSM itself. In practice this means keys leave the module only wrapped under a backup or cloning key and are restored into another module of the same class, never written to disk in clear. Remote backup management and key replication between modules, for high availability, are additional factors to consider.


Integration:

The HSM is not a standalone entity and needs to work in conjunction with other applications, so integration capability is an important feature to evaluate. Since the HSM will need to support multiple applications over time, out-of-the-box, proven integration interfaces (PKCS#11, CAPI and CNG, Java JCE, and vendor-specific APIs) with multiple applications can be a significant advantage.

    Total Cost of Ownership (TCO):

    On-premise HSMs will have a higher upfront investment or Capital Expenditure (Capex) and possibly lower annual costs. Cloud HSMs will have much lower or no Capex but may have higher annual costs or Operational Expenditure (Opex). The decision factor therefore typically is the TCO over a period of time, say five years. The cost factors to compute TCO include hardware, tools needed, network and security infrastructure, data center, operational model, payment model, software licenses, support, service levels, training, compliance, and personnel (staffing) costs.

    Random Number Generation:

It is important that the HSM vendor uses an approved random number generator, typically an approved deterministic random bit generator seeded from a validated hardware entropy source, since the quality of every key the device generates rests on it and since this is a checked item from a regulatory and compliance perspective.

    Once the basic features are evaluated, the next step is to decide whether to invest in an on-premise or cloud based HSM. Some of the scenarios that can help enterprises make this decision are indicated below.

    On-premise HSM

HSMs originated decades ago as physical devices built from the ground up for cryptographic operations and deployed on-premise. The hardware, firmware, operating system, network access and overall functionality of an HSM were all designed to make the device tamper-resistant and resistant to intrusion.

    An on-premise HSM is a good option for enterprises with one or more of the following scenarios:

    • Large organizations which require complete and isolated control over their key management mechanisms, and who have a clear business case for the high investments needed in an on-premise HSM.
    • Applications which require very low latency, where an HSM being in the same data center as the application can make a big difference.
    • Applications with intensive cryptographic operations and a need for high performance, where offloading the cryptographic functions from an application server to a local HSM can result in a significant performance improvement for the application.
    • Organizations which operate in countries with strict requirements on data localization, and where cloud providers may not have a local data center in that geographic location.
    • Organizations with predictable workloads, where it is unlikely that the business requirements and transaction volumes will exceed the capacity of the HSM in the near future.

    Cloud based HSM

    A recent research report from Flexera indicates that around 94% of organizations today leverage some form of cloud services. As workloads of all types move to the cloud, HSMs are no exception. The simplicity, flexibility and agility offered by Cloud based HSMs make them an attractive value proposition, especially when enterprises face one or more of the following scenarios:

    • Small and medium organizations who already use a lot of cloud services and the high investments for on-premise HSMs may not be feasible.
    • Organizations who want to test or pilot multiple HSM services with minimal upfront investments, before committing to a vendor.
    • Organizations where the workloads are less and application performance and latency requirements may not require a dedicated, on-premise HSM.
    • Organizations with highly variable workloads which might require elasticity i.e. scaling up and scaling down of the HSM infrastructure.
    • Organizations who prefer a predictable, operational expenditure (Opex) based financial model offered by the cloud rather than high upfront capital investments needed by an on-premise HSM.

There are two types of cloud based HSMs: public cloud based, and third party. Both types offer the HSM-as-a-Service model. Depending on the vendor, both types may also offer single tenant as well as multi-tenant solutions, and additional key management services apart from HSMs. The main difference between the two is vendor lock-in. Public cloud based HSMs are typically tied to that public cloud provider, such as AWS or Azure, and are therefore suitable for enterprises which leverage only one public cloud provider. Third party cloud based HSMs usually work across multiple public cloud providers and therefore are a good choice for enterprises with multi-cloud scenarios [2]. Third party cloud HSMs, being specialized offerings, may also have more sophisticated features such as automation, scaling, back-ups, and better administration. In general, the choice of a cloud based HSM is closely linked with the enterprise cloud strategy.

    Key Takeaways

    The question “Which is a better option: an on-premise HSM or a cloud based HSM?” has no single answer. Enterprises will need to choose the best option depending on their use cases and business scenarios. One thing however remains clear: the benefits offered by Public Key Infrastructure (PKI) can be completely undermined if private keys are compromised. Protecting and managing those keys is therefore a critical requirement to ensure enterprise security. HSMs, whether on-premise or cloud based, are the best options today to fulfil that requirement.

[2] A recent research report on cloud trends from Flexera indicates that more than 80% of organizations are moving to multi-cloud environments.



With cloud adoption soaring to a whopping 96% in 2018 according to CIO, it's no wonder that cloud security is a hot industry topic. In today's dynamic world, many companies are accelerating their digital transformation by moving data and applications to the cloud, benefiting from scalability and reduced costs at the same time. With the cloud becoming an integral part of any enterprise, the questions that many ask include:

    How to ensure cloud data security?

    Where and how to manage encryption keys in the cloud?

How to ensure your data is securely stored and protected in a multi-cloud environment?

    How to ensure vendor independence in a multi-cloud environment?

Hardware Security Modules (HSMs) have been around for a long time and have over the years become synonymous with 'security'. Many organizations that host their data and applications on-premise use HSMs, physical security units that authenticate, generate and store cryptographic material, to protect their most valuable assets. The HSM acts as the centralized Root of Trust, providing a level of key protection that a software-only key store cannot match. While this is a great option for on-premise scenarios, it becomes complicated if you are in a multi-cloud environment.

Say you do decide to go with the Key Management Service (KMS) offered by your Cloud Service Provider (CSP): what happens if your environment is a combination of private, public, hybrid or multi-cloud? The important question to ask is whether your CSP's KMS supports data and applications hosted outside of the provider's own environment. Every enterprise has a unique cloud environment, and getting locked in with one vendor in the name of data security is probably not the best option. What you want to look for is a solution that is CSP-agnostic, meaning it supports multiple cloud environments, so you can make the most of the benefits and services offered by key providers like Google, Azure, and AWS.

Another consideration regarding your CSP's KMS is the proximity of your valuable data assets to your encryption keys. Is it safer to keep your house key under the doormat or in a locked vault in a secure storage facility? The major CSP key management services are themselves backed by validated HSMs, but those HSMs are operated by the provider, usually shared between tenants, and sit in the same administrative domain as the data they protect; the question is therefore custody and separation rather than whether hardware is involved at all. As a best practice, keep your encryption keys under separate control from your encrypted data assets, so that a compromise of the data store alone does not become a catastrophic data breach.
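The separation the paragraph argues for, as an added example in Go that is not part of the original article or of any vendor's product: each record is encrypted under its own data-encryption key (DEK), the DEK is stored only wrapped under a key-encryption key (KEK) that lives in a separate key store, and the data store never holds clear key material. KeyStore is a hypothetical stand-in for the HSM or HSM-backed KMS; the KEK IDs, the record layout and the sample plaintext are assumptions constructed for the example:

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// KeyStore is a hypothetical stand-in for the HSM or HSM-backed KMS that holds the
// key-encryption keys (KEKs): callers name a KEK by ID and use it only via Wrap/Unwrap.
type KeyStore struct {
	keks   map[string][]byte
	active string
}

func NewKeyStore() *KeyStore { return &KeyStore{keks: map[string][]byte{}} }

// Rotate installs a fresh 256-bit KEK under id and makes it active; old KEKs are kept for existing records.
func (ks *KeyStore) Rotate(id string) {
	ks.keks[id] = randomBytes(32)
	ks.active = id
}

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // a failed entropy source must never silently yield a weak key
	}
	return b
}

// seal/unseal are AES-256-GCM with a random 96-bit nonce prepended; aad is
// authenticated but not encrypted, which binds the ciphertext to its context.
func aead(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}
func seal(key, plaintext, aad []byte) ([]byte, error) {
	gcm, err := aead(key)
	if err != nil {
		return nil, err
	}
	nonce := randomBytes(gcm.NonceSize())
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}
func unseal(key, sealed, aad []byte) ([]byte, error) {
	gcm, err := aead(key)
	if err != nil || len(sealed) < gcm.NonceSize() {
		return nil, fmt.Errorf("unseal: bad key or ciphertext too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], aad)
}

// Wrap encrypts a DEK under the active KEK with the KEK ID as AAD, so a wrapped DEK cannot be replayed against another KEK.
func (ks *KeyStore) Wrap(dek []byte) (string, []byte, error) {
	w, err := seal(ks.keks[ks.active], dek, []byte(ks.active))
	return ks.active, w, err
}
func (ks *KeyStore) Unwrap(kekID string, wrapped []byte) ([]byte, error) {
	kek, ok := ks.keks[kekID]
	if !ok {
		return nil, fmt.Errorf("unwrap: unknown KEK %q", kekID)
	}
	return unseal(kek, wrapped, []byte(kekID))
}

// Record is all the data store holds: ciphertext, the wrapped DEK and its KEK's ID; no clear key material.
type Record struct {
	KEKID      string
	WrappedDEK []byte
	Ciphertext []byte
}

// Encrypt makes a per-record DEK, encrypts the payload and keeps the DEK only wrapped.
func Encrypt(ks *KeyStore, plaintext []byte) (Record, error) {
	dek := randomBytes(32)
	ct, err := seal(dek, plaintext, nil)
	if err != nil {
		return Record{}, err
	}
	id, wrapped, err := ks.Wrap(dek)
	return Record{KEKID: id, WrappedDEK: wrapped, Ciphertext: ct}, err
}

// Decrypt unwraps the DEK through the key store, then opens the payload.
func Decrypt(ks *KeyStore, r Record) ([]byte, error) {
	dek, err := ks.Unwrap(r.KEKID, r.WrappedDEK)
	if err != nil {
		return nil, err
	}
	return unseal(dek, r.Ciphertext, nil)
}

func main() {
	ks := NewKeyStore()
	ks.Rotate("kek-1")
	fmt.Println(Encrypt(ks, []byte("constructed sample record"))) // constructed input
}
```

Rotation is the reason to keep the two layers: after Rotate installs a new KEK, an existing record is moved onto it by Unwrap under its old KEK ID followed by Wrap under the active one, and the record's ciphertext is never touched, so rotating the KEK costs one small AEAD operation per record rather than a re-encryption of the data. Because the KEK ID is the AAD of the wrap, a wrapped DEK presented with a different ID fails to unwrap, and any modification of the wrapped DEK or of the ciphertext is detected by GCM.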

We are back where we started. If the HSM is the strongest key protection available, then wouldn't it be ideal to have HSM-level security for your cloud applications and workloads without taking on the expense and responsibility of running your own HSMs in each cloud environment? Today, solutions like HSM-as-a-Service or HSM-in-the-Cloud offer the best of both worlds, combining the security of an HSM with the flexibility of a KMS. This might be the solution for you if you are looking for:

• Multi-cloud deployments
• Migration flexibility: no CSP and cloud lock-in
• Reducing your capex
• Innovating in the cloud: placing your own firmware and custom code on the HSM

    With the right strategy and solution, you can ensure your cloud security is treated like your on-premise security. Get in touch with Utimaco to learn more about CryptoServer Cloud and how you can secure your cloud data without limiting your agility and potential. 


    About the Author

    Anish Bhattacharya is a Consultant at Encryption Consulting, working with PKIs, HSMs, creating Google Cloud applications, and working as a consultant with high-profile clients.
