Encryption and Key Management
To enable security in Information Systems, we should enable encryption since Information Technology is actually virtualizing (almost) everything, including the data and access to the data itself. We are not storing the data in a really written to the physical surface but instead in a solid-state material or magnetism state.
Encryption ensures that written data cannot be easily read since it is encrypted (scrambled) and requires a key to read normally. The key is becoming a vital piece of information since it can be read to encrypted data. Access privileges can then be built upon it: who can write it, who can read it, in what situation, etc.
Another issue arises: how we store the key securely. An open-accessible, plain key is another potential security breach. There we go: HSM comes into play. HSM has a core function of storing keys securely; the meaning of secure is really meant to be as secure as physical security. By using HSM, it can be easier for Developers and System Architects to mitigate any potential security breach. HSM complies with the concept of end-to-end security.
11DB/Postgres with ESE (Equnix Seamless Encryption) uses a mechanism to ensure that security is implemented comprehensively. Every system that uses encryption methods should have a key management system. There are three options for standard key management implemented in 11DB: HSM, TPM, and OHSM. You may choose one of the options, whichever you prefer.
HSM is a shorthand for the Hardware Security Module, an industry standard for enabling end-to-end security implementation. It is used mainly in banking, payment gateways, and any financial service industry. HSM comes in real hardware, usually in the form factor of 1U, half height, and has two physical keys (each dedicated for high-rank officers to reset manually). Its primary usage is to generate key pairs, encrypt and decrypt, and automatically destroy when tampered with. HSM has a world standard protocol and is used extensively in FSI (Financial Service Industry). There are two types of HSM: General Purpose and Payment.
OHSM (Online HSM) is just like normal general-purpose HSM, but it is NOT real hardware since it is online. The genuine HSM is secured in the Cloud and acts virtually the same way. The only difference is that HSM uses the PKCS#11 protocol, while OHSM uses secured REST/API. Its functionality and security level are identical unless the users share the hardware. Using OHSM effectively reduces overhead costs since purchasing the HSM separately requires significant investment.
TPM is shorthand for the Trusted Platform Module. It is a separate small chip inside the motherboard. Its specific function is to create and store the encryption key, ensure the key is secure, and allow it to encrypt and decrypt data securely. TPM has the same purpose and function as HSM but in a private way. The number of key stores is very limited. TPM has a downside compared to HSM; if the hardware access is not trusted, TPM will lose the trusted aspect. On the contrary, it will protect the key as vital as HSM.
Depending on the business requirements and the business scale, having a dedicated HSM is an excellent decision since it would ensure the exclusivity of the hardware and eliminate the possibility of critical leaks since it is not shared.
Jakarta, Mar 23, 2024.
