Secure Data with Encryption: Protect Valuable Assets

In a business environment where data security has become a critical pillar, understanding and applying encryption correctly is more than a necessity – it’s a strategic advantage.

It’s worth realizing that this journey is essential, especially for CIOs and information security specialists, when it comes to securing company data with encryption.

This provides a clear vision of how technologies, especially when combined with Hardware Security Modules (HSMs), can transform data security from a challenge into a competitive differentiator.

With a focus on innovation, we will explore how encryption not only protects valuable data, but also strengthens the company’s position with regard to regulatory compliance and customer trust.

Secure Data with Encryption for Business: The Current Scenario

Globally, in 2023, the data breach scenario presents a complex dynamic. Despite a significant reduction in the number of data records exposed in the United States, the number of data breaches and breached accounts remains alarming, with 31.5 million accounts affected globally by September 2023.

In Brazil, the situation is also worrying. Data from Surfshark reveal that, from January to November 2021, more than 24 million Brazilians had their data exposed on the internet.

The average cost of a data breach in Brazil increased from R$157 to R$175, while the total cost exceeded R$3 million. This increase is attributed in part to the growth of remote work during the pandemic, incorrect use of misconfigured devices and the lack of a specialized IT and LGPD team in most companies.

According to IBM’s 2023 report, the average cost of data breaches in Brazil fell slightly to R$6.20 million, but spending on detecting and resolving breaches increased by 24%.

The health, services and technology sectors are the most affected in terms of costs related to data breaches in Brazil.

Impact of Data Breaches

The implementation of AI and automation has been shown to significantly reduce the costs and time needed to detect and contain data breaches in the country.

In addition, phishing has been the main form of entry for attacks in Brazil, closely followed by compromised credentials. Attacks originating from malicious insiders are notoriously the most costly, reaching an average cost of R$7.10 million per incident.

This data emphasizes the urgent need for robust and effective solutions that secure company data with encryption. This is where Hardware Security Module solutions play a crucial role.

With the threat landscape constantly evolving, both globally and in Brazil, companies must be prepared to face and mitigate these risks with advanced technologies and well-planned security strategies.

The Importance of HSM to Keep Data Secure with Encryption

The Hardware Security Module is a fundamental part of the data security architecture, offering a level of protection that goes beyond what software encryption can achieve.

In short, HSMs are dedicated physical devices that manage and protect cryptographic keys, crucial for the security of sensitive data and transactions. They provide a highly secure environment, isolated from the operating systems and networks where the risks of breaches are greatest.

Practical benefits of using HSMs when it comes to keeping data secure with encryption
  • Enhanced Security:

HSMs protect against unauthorized access attempts and manipulation of cryptographic keys. They are designed to be resistant to physical and logical attacks, ensuring that the keys remain secure even in the event of a system breach.

  • Regulatory Compliance:

Many security standards and regulations require the use of HSMs to guarantee the integrity and confidentiality of cryptographic keys. Organizations that handle sensitive data, such as financial and health information, can meet regulatory compliance requirements through encryption more easily using HSMs.

  • Performance and Efficiency:

HSMs are optimized to perform cryptographic operations quickly and efficiently, reducing the impact on system performance. So keeping data secure with encryption is no longer a major challenge for companies.

  • Centralized management:

With HSMs, organizations can centralize key management, simplifying administration and reducing the margin for human error.

  • Versatility and Scalability:

HSMs can be used in a variety of applications, from protecting data at rest to supporting digital signatures and authentication. They are easily scalable to keep up with the growth of the organization.

To maximize the benefits of HSMs, organizations must integrate them into their existing IT infrastructure and data security strategies.

This includes evaluating specific requirements, choosing the appropriate equipment and the right configuration to ensure that security operations are optimized, thus achieving greater efficiency in keeping data secure with encryption.

Thales HSM as a Crucial Resource for Securing Data with Encryption

Thales HSMs, specifically the Luna network hardware security modules, represent an essential tool for advanced data protection.

These devices offer high-assurance security, tamper resistance and networking, with market-leading performance.

Unique capabilities of Thales HSMs:


  1. Advanced Cryptographic Key Protection:
    Thales HSMs protect the entire lifecycle of cryptographic keys within the limits validated by FIPS 140-2, guaranteeing key security superior to other storage methods.

  2. Market-leading performance:
    Thales’ Luna Network HSMs are faster than other HSMs available, ideal for use cases that demand high performance, such as SSL/TLS key protection and high-volume code signing.

  3. Scalable Security for Virtual and Cloud Environments:
    These devices can be divided into up to 100 cryptographically isolated partitions, acting as multiple independent HSMs, providing enormous scalability and flexibility.

  4. Simplified Administration:
    Thales Crypto Command Center facilitates the management of multiple HSMs, offering on-demand provisioning and efficient monitoring of encryption resources.

  5. De facto Standard for the Cloud:
    Thales HSMs are widely deployed in public cloud environments, adjusting to different cryptographic performance requirements in on-premises, private, public, hybrid or multi-cloud environments.

  6. Extensive Partner Ecosystem:
    Thales has an extensive ecosystem of partners, of which Eval is part, facilitating the integration of its HSMs with a wide range of standard applications.

  7. Support for Emerging Technologies:
    Thales HSMs are able to adapt to evolving threats and emerging technologies such as IoT and Blockchain.

  8. Regulatory Compliance:
    These devices meet compliance and audit requirements in highly regulated sectors, ensuring adherence to standards such as the General Data Protection Law (LGPD), GDPR, eIDAS, FIPS 140, Common Criteria, HIPAA, PCI-DSS and others.

Thales HSM is an invaluable resource for companies looking to protect valuable data with encryption. Its advanced technology, superior performance, flexibility and regulatory compliance make it an ideal choice for organizations that need a reliable and effective data security solution.

Eval and Thales Partnership: Experience and Knowledge at the Forefront of Data Protection

The partnership between Eval and Thales represents a powerful combination of expertise and cutting-edge technology in the field of data security.

With Eval’s expertise and Thales’ advanced solutions, companies have access to a complete package for implementing robust data protection strategies.

In practice, the partnership between Eval and Thales results in several benefits for the companies:


Proven experience:
Eval brings a successful track record in secure data implementations with Cryptography, complementing Thales’ advanced technological solutions.


Customized Solutions:
This partnership makes it possible to create customized security solutions that meet the specific needs of each company, guaranteeing the best possible protection.


Specialized Support and Training:
The combination of Eval’s technical expertise and Thales’ technology offers comprehensive support, including training and guidance for internal teams, ensuring efficient implementation and management.


Access to cutting-edge technology:
Thales, as a leader in HSM solutions, ensures that companies benefit from the latest innovations in data security.

In terms of results, the partnership between Eval and Thales is a significant differentiator for companies seeking not just a data security solution, but an integrated and efficient strategy that combines the best technology with specialized knowledge.

Get in touch and find out more

Interested in deepening your understanding of how encryption and Thales HSMs can transform your data security?

The Eval-Thales partnership is ready to offer customized solutions that perfectly align with your needs.

To find out more about our services and how we can help strengthen your company’s data security, contact us today.

Together, we can create a robust strategy that not only protects your data, but also raises your organization’s confidence and compliance.

About Eval

With a track record of leadership and innovation dating back to 2004, Eval not only keeps up with technological trends, but we are also in an incessant quest to bring news by offering solutions and services that make a difference to people’s lives.

With market recognized value, Eval’s solutions and services meet the highest regulatory standards for public and private organizations, such as SBIS, ITI, PCI DSS, and LGPD. In practice, we promote information security and compliance, increase companies’ operational efficiency, and reduce costs.

Innovate now, lead always: get to know Eval’s solutions and services and take your company to the next level.

Eval, safety is value.

Written by Arnaldo Miranda, Evaldo. Ai, reviewed by Marcelo Tiziano and designed by Caio.

Hardware Security Module (HSM): Concept and Use

In today’s digital age, cybersecurity is a growing priority for companies of all sizes and industries. At the center of this fight against growing digital threats, the Hardware Security Module (HSM) stands out as a robust and reliable protection solution.

With the continuous growth of threats, combined with the increasing volume and sensitivity of the data managed by organizations, investment in security becomes more and more crucial.

The HSM, also known as the Hardware Security Module, plays a key role in safeguarding data and cryptographic keys.

This article will discuss the vital role these devices play in the cybersecurity of organizations, as well as provide guidance on how to effectively implement them to ensure comprehensive protection of business operations and customers.

Unraveling the HSM: the guardian of Cryptographic Keys and sensitive data

Basically, a Hardware Security Module is a physical security device designed to protect, manage, and perform cryptographic operations with cryptographic keys.

HSMs are available in various forms, each designed to meet the specific needs of enterprises and their IT infrastructures.

Current and most commonly used formats in the market include:

External Devices

These security modules are stand-alone devices, usually connected to servers or IT systems via a USB interface or the network.

They are easy to install and manage and can be used in environments with diverse IT infrastructure.

Server Expansion Cards

These HSMs are installed directly on the servers as an expansion card, connecting to the system bus for faster performance and integration.

They are ideal for high performance and security demanding environments such as data centers and financial institutions.

Cloud Hardware Security Module (Cloud HSM)

These are services managed by cloud providers, allowing enterprises to leverage the security and performance of security modules without the need to purchase and manage physical hardware.

They are an attractive option for companies looking for flexibility, scalability, and cost savings.

Robust protection and optimized performance for your business

In practice, HSMs offer robust protection and optimized performance to ensure the security of cryptographic keys and sensitive data:

  • Robust protection:

Hardware security modules are designed with multiple layers of security to resist both physical and logical attacks. They include features such as tamper-resistant enclosures, tamper detection, and automatic key deletion in case of attempted unauthorized access.

In addition, the devices implement logical security mechanisms, such as encryption of stored keys and role-based access management, ensuring that only authorized persons can access and manage the cryptographic keys.

  • Optimized performance:

HSMs are built with specialized hardware components and optimized to perform cryptographic operations quickly and efficiently.

This is essential for processing large volumes of transactions or secure communications without adversely affecting system performance.

In addition, security modules efficiently manage the encryption load on servers and IT systems, freeing up resources for other tasks and improving overall performance.

  • Scalability and flexibility:

As we have seen, HSMs are available in various forms and configurations, including external devices, expansion cards for servers, and cloud managed services.

This diversity of options allows companies to choose the equipment best suited to their specific needs, ensuring scalability and flexibility as business needs evolve.

In this way, companies ensure that cryptographic keys and sensitive data are protected efficiently and securely, making it an essential solution for the cybersecurity of their business.

HSMs in action: crucial applications to protect your digital assets

Let’s look in detail at how HSMs are applied in crucial situations to ensure the security and integrity of digital assets:

  1. Cryptographic Key Management

Hardware security modules are designed to manage the complete lifecycle of cryptographic keys, including generation, storage, rotation, and their secure destruction.

This ensures that the keys are protected against unauthorized access and malicious manipulation.

  2. Data encryption and secure storage

HSMs offer high-performance encryption to protect data at rest and in transit.

They ensure that data stored on servers, storage devices, and cloud environments is protected with strong cryptographic algorithms and securely managed keys.

  3. Authentication and Access Control

Hardware security modules can be used to authenticate and verify the identity of users, devices, and systems, ensuring that only authorized parties access critical resources.

They also support role-based access management to provide granular control over who can access and manage cryptographic keys and sensitive data.

  4. Digital signature and data integrity

The security modules are essential for the generation and verification of digital signatures, ensuring the authenticity, integrity, and non-repudiation of electronic transactions and communications.

They secure business processes and help meet regulatory requirements, such as signing electronic documents and complying with payment security standards.

  5. Public Key Infrastructure (PKI)

HSMs are widely used in PKI solutions to protect and manage private keys used in issuing and revoking digital certificates.

This ensures the security and reliability of authentication and encryption processes that rely on PKI, such as secure communications and access to critical resources.

  6. Financial transaction protection

Hardware security devices are key to securing financial transactions such as credit card payment processing, bank transfers, and digital currency transactions.

They ensure the security and confidentiality of financial information and help meet business-related compliance standards.

Why Ignoring Cybersecurity Could Be Your Company’s Biggest Mistake

In today’s digital age, protecting sensitive information and data is critical to the success of businesses. Cyber threats are constantly evolving, becoming more sophisticated and damaging every day.

This is where hardware security modules come into the picture, providing advanced and reliable security to protect organizations’ digital assets.

Here are some reasons why companies actually need HSM equipment in their business operations:

Data Protection

With the increasing volume of data generated and stored by companies, the need to protect this data has become even more important.

HSM security appliances provide robust protection for sensitive information and critical data, ensuring that only authorized people can access it.

In practice, security modules offer an additional layer of protection for cryptographic keys and sensitive data. They are built with advanced physical and logical security features, such as tamper-resistant enclosures and tamper detection.

Role-based access management ensures robust protection against physical and cyber attacks.

Cost reduction

While implementing HSMs may involve a significant investment at the start of the project, the long-term benefits include reduced costs related to data breaches and compliance.

In addition, the improved performance and operational efficiency provided by the devices can lead to even greater efficiency in managing cybersecurity investments.

Compliance with regulations and standards

Companies need to meet various regulations and compliance standards related to data security and privacy.

A clear example is the General Law of Data Protection (LGPD), which came into force in Brazil in 2020. The LGPD requires companies to implement appropriate security measures to protect the personal data of their customers and users.

HSMs help companies comply with these regulations and standards, minimizing the risks of data breaches and associated fines.

Brand trust and reputation

Data protection and privacy are growing concerns for consumers and customers.

By investing in hardware security modules, companies demonstrate their commitment to protecting information, strengthening customer trust and loyalty, and thus fostering successful and long-lasting relationships.

Risk Reduction

Data breaches and cyber attacks can have devastating consequences for companies, including financial losses, reputational damage, and disruption of business operations.

By implementing HSMs, companies can significantly reduce the risk of data breaches and minimize the impact of potential cyber attacks.

Competitiveness

Companies that adopt HSMs and other advanced security technologies can stand out in highly competitive markets where data protection and compliance are key success factors.

The implementation of security devices can be a strategic differentiator, providing competitive advantage and attracting new customers and business partners.

Considering these factors, it is clear that companies need HSM equipment in their business operations to ensure efficient and secure protection of their digital assets and customers.

HSM device deployment is a key part of enterprises’ cybersecurity strategy

By effectively incorporating hardware security modules into their cybersecurity architecture, companies can ensure that their valuable information is protected. They also help to maintain compliance with the regulations and standards applicable to your business segment.

In this scenario, Eval, a specialist in the information security segment, stands out as a reliable and experienced partner for the implementation and management of HSM solutions.

The official partnership between Eval and Thales, a global leader in cybersecurity solutions, ensures customers have access to cutting-edge technologies and an innovative approach to protecting their digital assets.

Together, these companies offer high-performance, reliable, and scalable solutions tailored to the specific needs of each organization.

Investing in HSMs is a key step for companies toward a comprehensive and effective cybersecurity strategy. Eval and Thales’ expertise is crucial to ensure this evolution of cyber security.

This partnership provides customers with the support they need to protect their data, ensure business continuity, and promote trust between customers and partners.

Take the next step toward securing your digital assets: contact Eval now!

If you are ready to strengthen your company’s cybersecurity and protect your digital assets with an HSM implementation, Eval is the ideal partner to help you on that journey.

With the expertise and partnership with Thales, Eval can offer customized and effective solutions that fit your specific needs.

Don’t put your company’s security off until later. Contact the Eval team today and find out how our HSM solutions can take your data protection to the next level.

Written by Arnaldo Miranda, Evaldo. Ai, reviewed by Marcelo Tiziano and designed by Caio.

Real Digital – The Monetary Innovation of Brazil’s Central Bank

The Real Digital is a digital currency proposal from the Central Bank of Brazil (BCB), which aims to modernize the national financial system and improve the efficiency of the payments market.

In this context, information security and data protection are key aspects to ensure the reliability and acceptance of this new way of conducting financial transactions using digital currency.

In this article, we will explore the context of the Digital Real, its development stages, and the importance of information protection in the process.

The growing importance of central bank digital currencies on the global stage

In Brazil, the BCB has been following the topic for a few years. In August 2020 it organized a working group to conduct studies on the issuance of a digital currency by the institution.


The group had representatives from all areas of the Central Bank and counted on the direct involvement of several departments, especially International Affairs, Financial System Monitoring, Banking and Payment System Operations.

Preliminary results were presented to the Directorate of the institution, which determined the establishment of a regular forum to discuss the topic with the Central Bank’s technical staff.

The discussions conducted in this forum motivated:

  1. The publication of the project guidelines in May 2021;
  2. Holding a series of webinars to discuss the potential applications of the new currency with society;
  3. The Lift Challenge Real Digital, with the goal of developing technological solutions for the implementation of the new currency.

According to the Central Bank project coordinator, Fabio Araújo, the Real in digital format will work as a Pix on a large scale, allowing instant large-value wholesale transfers, such as for large companies and financial institutions.

The road to the development and implementation of the Digital Real in Brazil

The first phase of the project involves the development of a test platform that registers assets of various types and natures.

The platform chosen was Hyperledger Besu, which is open source, reducing costs with technology licenses and royalties.

Hyperledger Besu is compatible with Ethereum technology, which is responsible for the architecture used by the Ether (ETH) cryptocurrency and other decentralized applications.

The technology allows tests in controlled environments, guaranteeing the privacy of transactions.

According to the Central Bank, the testing phase will be completed in December 2023 and in March 2024, if the Hyperledger Besu platform can support the simulated transactions, it will be used to set up the Digital Real.

The goal is to reach Real Digital maturity starting in 2024

The schedule foresees the availability of Real Digital to the population by the end of next year. During the test phase, each participant from the financial sector is to contribute its share of the infrastructure.

In April, the Central Bank will organize a workshop with financial institutions and technology companies to pass on the guidelines. Starting in May, the monetary authority will choose the participants of the pilot project.

With the participants defined, there will be transaction tests with Real Digital in a simulated environment, without real values. The assets to be used in the pilot will be as follows:

  • Deposits from bank reserve accounts, settlement accounts, and the National Treasury’s single account;
  • Bank deposits on demand;
  • Payment accounts of payment institutions;
  • Federal government bonds.

The National Treasury will participate in the testing phase to enable the construction of cheaper and more efficient technology for trading government bonds in the primary and secondary markets.

In the simulated operations, a fictitious investor will buy government bonds through the bank’s application that will connect to the test platform.

In addition, the tests will also include the possibility of liquidating loans with long-term investment funds without disposing of the entire financial application.

Successful implementation of the project can lead to a more inclusive, competitive, and efficient financial system. However, there are still challenges and tests to be carried out to ensure the viability and security of the digital currency.

Eval is tracking Real Digital’s progress

Eval, a reference in technology and innovation, closely follows the progress of Real Digital and foresees a scenario of major changes in the country’s financial sector.

In fact, there is the expectation that the new digital currency will transform the Brazilian financial system, bringing greater efficiency and financial inclusion to the population.

Soon, Real Digital should open doors for the development of new financial services, further expanding the offer of technological solutions in the market.

47 projects were presented, of which 9 were selected to “test” the Real Digital: innovative solutions that can be developed based on the Brazilian currency platform in digital format.

It is also worth mentioning the opportunities for collaboration with the Central Bank of Brazil and other financial institutions in the development and implementation of the Digital Real.

As with PIX, Eval, with all its knowledge and expertise in technology and innovation, can contribute significantly to the project’s success.

Ensuring the safety and security of financial transactions will be key to the success of the Digital Real

With the increase in digital transactions, the need for effective security measures becomes even more important to prevent fraud and data breaches.

In this context, solutions such as the Hardware Security Module (HSM) or Data Protection on Demand (DPoD), which in short is an HSM in the cloud, play a key role.

HSMs are physical cryptographic devices that provide an additional layer of security to protect cryptographic keys. When integrated with Hyperledger Besu, HSM can raise the level of Real Digital’s reliability.

By using HSMs in the Real Digital infrastructure, the BCB can ensure that financial transactions are processed with a high level of protection.

This protects both the users and the financial institutions involved, and with it brings greater confidence in the Real Digital.

About Eval

EVAL has been developing projects in the financial, health, education, and industry segments for over 18 years. Since 2004, we have offered solutions for Authentication, Electronic and Digital Signature, and Data Protection. Currently, we are present in the main Brazilian banks, health institutions, schools and universities, and different industries.

With value recognized by the market, EVAL’s solutions and services meet the highest regulatory standards of public and private organizations, such as SBIS, ITI, PCI DSS, and LGPD. In practice, we promote information security and compliance, increase companies’ operational efficiency, and reduce costs.

Cryptographic Key Management: Learn How to Protect Yourself

A Hardware Security Module (HSM) is basically a physical device that provides extra security for sensitive data. This type of device is used to take care of cryptographic key management for critical functions such as encryption, decryption and authentication for the use of applications, identities and databases.

Companies can use an HSM to protect trade secrets with significant value. This ensures that only authorized individuals can access the device and use the key stored on it.

Responsible for performing cryptographic operations and Cryptographic Key Management

HSM solutions are designed to meet stringent government and regulatory standards and often have strong access controls and role-based privilege models.

Designed specifically for fast cryptographic operations and resistant to logical and physical tampering, adopting an HSM is the most secure way to perform cryptographic key management. However, its use is not so practical and requires additional software.

The use of HSM should be standard practice for any highly regulated organization, thus preventing these companies from losing business from customers such as the government, financial and healthcare systems, which require strong protection controls for all data considered sensitive in their operations.

It is also important for companies whose strategy includes avoiding risks caused by a lack of necessary protection, since such risks can tarnish the image of the organization.

Best practices and uses of the HSM

The use of HSMs can provide improved cryptographic throughput and result in a more secure and efficient architecture for your business.

HSM becomes a vital component in a security architecture, which not only minimizes business risks but also achieves top performance in cryptographic operations.

Some of the best practices and use cases for HSMs used by leading security practitioners are as follows:

Storage of certificate authority keys

The security of certificate authority (CA) keys is most critical in a Public Key Infrastructure (PKI). If a CA key is compromised, the security of the entire infrastructure is at risk.

CA keys are primarily stored in dedicated HSMs to provide protection against tampering and against disclosure to unauthorized entities. This can be done even for internal CAs.

Storage and management of application keys

Cryptography, considered essential in many businesses, also benefits from the powerful performance of HSMs, which do an incredible job of minimizing the performance impact of using asymmetric cryptography (public key cryptography), as they are optimized for the encryption algorithms.

A prime example of this is database encryption, where high latency per transaction cannot be tolerated. But don’t forget to encrypt only what is necessary, so your solution won’t spend time on non-sensitive information.

Encryption operations

Encryption operations are sometimes time consuming and can slow down applications. HSMs have dedicated and powerful cryptographic processors that can simultaneously perform thousands of cryptographic operations.

They can be used effectively to offload cryptographic operations from application servers.

Full audit trails, logging and user authorization

HSMs should keep a record of cryptographic operations such as key management, encryption, decryption, digital signature and hashing, together with the date and time each operation was performed. The process of recording events involves the authenticity and protection of the time source.

Modification of the date and time settings interface requires strong authentication by a smart card or at least two people to sanction or authorize this task.

Destruction of keys in case of attacks

HSMs follow strict security requirements. The most important content of an HSM is its keys. In the event of a physical or logical attack, the HSM resets or erases all of its keys so they don't fall into the wrong hands.

The HSM should “reset” itself, deleting all sensitive data if it detects any undue tampering. This prevents an attacker who has gained access to the device from gaining access to the protected keys.

The full lifecycle of keys

NIST, the National Institute of Standards and Technology, a non-regulatory agency of the US Department of Commerce, defines the encryption key lifecycle as 4 main stages of operation: pre-operational, operational, post-operational and deletion, and requires that, among other things, an operational encryption period be defined for each key. For more details, see pages 84 to 110 of the linked NIST publication.

Therefore, a cryptographic period is the “time interval during which a specific key is authorized for use”.

In addition, the cryptographic period is determined by combining the estimated time during which encryption will be applied to the data, including the period of use and the period in which it will be decrypted for use.

Long-term encryption

Since an organization may reasonably want to encrypt and decrypt the same data for years on end, other factors may come into play when considering the cryptographic period.

A defined cryptographic period can, for example, limit:

  • Amount of information protected by a given key;
  • Amount of exposure if a single key is compromised;
  • Time available for physical, procedural and logical access attempts;
  • Period within which information may be compromised by inadvertent disclosure.

This can be boiled down to a few key questions:

  • For how long will the data be used?
  • How is the data being used?
  • How much data is there?
  • What is the sensitivity of the data?
  • How much damage will be caused if data is exposed or keys lost?

So the general rule is: as the sensitivity of the protected data increases, the lifetime of an encryption key decreases.

Given this, we see that your encryption key may have a shorter active life than an authorized user’s access to the data. This means that you will need to archive deactivated keys and use them only for decryption.

Once the data has been decrypted by the old key, it will be encrypted by the new key and over time the old key will no longer be used to encrypt/decrypt data and can be deleted.
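The rotation described above (archive the old key for decryption only, re-encrypt under the new key, then delete the old one), as an added example that is not code from the original page or from any HSM vendor. It tracks key handles and lifecycle stages only; the class and method names, the key IDs and the cryptoperiod lengths are assumptions, and the actual encryption would happen inside the HSM.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from enum import Enum
from typing import Optional

class Stage(Enum):  # the four lifecycle stages named in the text
    PRE_OPERATIONAL, OPERATIONAL, POST_OPERATIONAL, DELETED = range(4)

@dataclass
class KeyRecord:
    key_id: str                      # a handle only; key material stays in the HSM
    cryptoperiod: timedelta          # how long the key may be used to encrypt
    stage: Stage = Stage.PRE_OPERATIONAL
    activated: Optional[datetime] = None

class KeyRing:
    """Hypothetical bookkeeping layer in front of an HSM (names are assumptions)."""
    def __init__(self):
        self.keys, self.records, self.active = {}, {}, None

    def activate(self, key_id, cryptoperiod, now):
        """Rotate: archive the current key and make key_id the only encrypting key."""
        if self.active:
            self.keys[self.active].stage = Stage.POST_OPERATIONAL
        self.keys[key_id] = KeyRecord(key_id, cryptoperiod, Stage.OPERATIONAL, now)
        self.active = key_id

    def may(self, op, key_id, now):
        k = self.keys[key_id]
        if op == "encrypt":  # only the operational key, and only inside its cryptoperiod
            return k.stage is Stage.OPERATIONAL and now < k.activated + k.cryptoperiod
        # archived (post-operational) keys remain usable for decryption only
        return op == "decrypt" and k.stage in (Stage.OPERATIONAL, Stage.POST_OPERATIONAL)

    def protect(self, record_id, now):
        if not self.may("encrypt", self.active, now):
            raise PermissionError("cryptoperiod expired: rotate before encrypting")
        self.records[record_id] = self.active   # record which key protects the data

    def reencrypt(self, record_id, now):
        if not self.may("decrypt", self.records[record_id], now):
            raise PermissionError("old key can no longer decrypt")
        self.protect(record_id, now)  # HSM decrypts with the old key, encrypts with the active one

    def delete(self, key_id):
        if key_id == self.active or key_id in self.records.values():
            raise ValueError(f"{key_id} still protects data")
        self.keys[key_id].stage = Stage.DELETED
```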

Life cycle management of cryptographic keys using HSM

It has often been said that the most difficult part of cryptography is key management. This is because the discipline of cryptography is a mature science where most of the major issues have been addressed.

On the other hand, key management is considered recent, subject to individual design and preference rather than objective facts.

An excellent example of this is the extremely diverse approaches HSM manufacturers have taken to implementing their key management, which eventually led to the development of another product line, CipherTrust. It has several features of HSMs as well as others that are unique, such as anonymization and authorization.

However, there have been many cases where HSM manufacturers have allowed some insecure practices to go unnoticed, resulting in vulnerabilities that have compromised the lifecycle of cryptographic keys.

Therefore, when looking for a secure, general-purpose HSM to manage the full key lifecycle, it is essential to inspect those that have excellent customer references, a long deployment life and quality certifications.

HSM in a nutshell

To summarize, an HSM is typically a server with different levels of security protection, or simply “protection”, that prevent breaches or loss. These levels are:

  • Tamper-evident: addition of tamper-evident coatings or seals on bolts or latches on all removable lids or doors.
  • Tamper resistant: adding “tamper detection/response circuitry” that erases all sensitive data.
  • Tamper proof: complete module hardening with tamper evident/resistant screws and locks, together with the highest sensitivity “tamper detection/response circuit” that erases all sensitive data.

With many organizations moving some or all of their operations to the cloud, the need to move their security to this architecture has also emerged.

The good news is that many of the leading HSM manufacturers have developed solutions to install traditional HSMs in cloud environments.

Therefore, the same levels of “protection” apply, since what runs in the cloud environment is a traditional HSM.

Learn more about the use of HSM in cryptographic key management in our blog and find out how to apply encryption technology effectively in your business by contacting Eval’s experts.

We are available to answer your questions and help you define the best ways to protect your organization against data leakage and theft.

About Eval

Eval has been developing projects in the financial, healthcare, education and industrial segments for more than 18 years. Since 2004, we have offered Authentication, Electronic and Digital Signature, and Data Protection solutions. Today, we are present in the main Brazilian banks, healthcare institutions, schools and universities, as well as in a range of industries.

With value recognized by the market, Eval's solutions and services meet the highest regulatory standards of public and private organizations, such as SBIS, ITI, PCI DSS and the General Data Protection Law (LGPD). In practice, we promote information security and compliance and increase companies' operational efficiency, in addition to reducing costs.

Innovate now, lead always: get to know Eval's solutions and services and take your company to the next level.

Eval, security is value.