Data centre and interconnection giant Equinix has introduced a hardware security module (HSM) as-a-service offering, called the SmartKey.
HSMs are used by a growing number of businesses for security purposes, in place of traditional on-premise encryption techniques, which are complex and typically don’t work well when trying to operate across multiple clouds.
Historically, cryptographic processing (encryption) and management of the encryption keys has been a major part of the protection of sensitive data within an on-premise data centre.
However, due to the cost and complexity of the management and deployment of this process, as well as the difficulties faced when moving to the cloud with classical encryption, more businesses have turned to HSMs.
A physical device that typically works as a plug-in card or attaches directly to a server, HSMs are seen as a simple and effective security solution, and, according to the results of the Global Encryption Trends Survey from Ponemon Institute, are used by 48% of enterprise respondents on-prem in support of cloud applications, while 36% of survey respondents ‘lease’ HSMs from a public cloud provider.
However, in a blog post, Equinix’s global head of security products, Imam Sheikh, wrote: ‘While cloud-based HSMs provide simplicity, these solutions place both the data and encryption keys together in the same place, increasing the risk of them both being breached by hackers or malicious insiders.
‘With the increasing number of complex security threats and the amount of information moving in and out of the cloud, a new security control point must be implemented at the intersection of people, locations, clouds and data.’
This is where Equinix wants its SmartKey to be used. Now in its public beta stage, the technology is based on Intel’s Software Guard Extensions (SGX) and is powered by Fortanix. SGX is designed for application developers looking to protect application code and data. Fortanix worked on the first HSM management cloud service based on this technology, which Equinix is now offering as a service.
The firm will also offer private connectivity options to SmartKey for public and hybrid cloud, including for AWS. Access to the service will be made via private interconnection within an Equinix international business exchange (IBX) data centre, or via the internet.