A Hardware Security Module (HSM) is a physical security device that safeguards and manages digital keys, performs encryption and decryption services, strong authentication, and often have tamper detection and prevention built into the devices themselves. Each HSM contains one or more secure ‘cryptoprocessor’ chips to prevent tampering and ‘bus probing’.
A common example of HSMs in our daily lives is our use of Automated Telling Machines (ATMs). We all possess ATM or Debit cards that allow us to gain access to our bank account. When you insert your card into the machine, it verifies that the 4 digit PIN you enter matches the reference PIN known to the card issuer. Similarly, this is how a network administrator would gain access to sensitive information. They would have their physical security card (or device) along with another form of authentication such as a password they know or biometric information (fingerprint, retina scan). HSMs are used as a form of Two-Factor Authentication when attempting to access critical data in a network or system.
What does this mean for an SMB?
Network administrators at an MSP or SMB may not have much reason to work with an HSM to secure their company or network. The exception here is high security SMBs working on government contracts which need to protect CUI, ITAR, or Top secret data. In these cases, they may receive an HSM from the government to protect the data entrusted to them. For most others, it is not likely to be used or needed. While HSMs have their place, it is more important for MSPs and SMBs to implement other security tools listed below in your toolbelt. CyberHoot recommends the following best practices to protect individuals and businesses against, and limit damages from, online cyber attacks:
- Adopt a password manager for better personal/work password hygiene
- Require two-factor authentication on any SaaS solution or critical accounts
- Require 14+ character Passwords in your Governance Policies
- Train employees to spot and avoid email-based phishing attacks
- Check that employees can spot and avoid phishing emails by testing them
- Backup data using the 3-2-1 method
- Incorporate the Principle of Least Privilege
- Perform a risk assessment every two to three years
To learn more about Hardware Security Modules (HSMs), watch this short 3-minute video:
CyberHoot does have some other resources available for your use. Below are links to all of our resources, feel free to check them out whenever you like:
- Blog
- Cybrary (Cyber Library)
- Infographics
- Newsletters
- Press Releases
- Instructional Videos (HowTo) – very helpful for our SuperUsers!
Note: If you’d like to subscribe to our newsletter, visit any link above (besides infographics) and enter your email address on the right-hand side of the page, and click ‘Send Me Newsletters’.