Secure HSM Key Management in Germany
Sovereign cloud usage
HSM: Hardware Security Module
A hardware security module (HSM) is a specialized piece of hardware that performs cryptographic operations and protects sensitive data; it is used exclusively for these cryptographic tasks. If an organization also wants to encrypt its data in the cloud, it can use the services of the cloud operator itself. Hyperscalers have entire fleets of HSMs at their disposal to offer their customers corresponding cryptographic services. However, this form of key generation and management has one key requirement: the customer must have absolute trust in the hyperscaler and its model of HSM usage.
In highly regulated markets where IT and data security and cloud sovereignty are of the highest relevance and strategic importance, taking over key management yourself can be particularly advantageous. In this way, companies retain complete control and can implement customized security solutions that meet the specific requirements of their industry. To do this, a company can either operate its HSM (or rather its two HSMs) itself or have it operated by a qualified service provider in the German jurisdiction - such as Arvato Systems.
In an HSM: Up to 20,000 Transactions per Second
An HSM is a piece of hardware whose specific task is to generate, store, and manage cryptographic keys, including rotation, backup, and deletion of the keys. A standard hardware security module can handle between 2,000 and 20,000 cryptographic transactions - i.e., encryption and decryption operations - per second. However, for redundancy reasons, two HSMs must always be operated in parallel, physically separated from each other. Because each HSM pair must run synchronously, the physical distance between them must not exceed 25 km. The HSM implements various cryptographic algorithms - both symmetric, such as AES or DES, and asymmetric, such as RSA, DSA, or ECC. The HSM also takes on the task of generating random numbers. On this basis, the HSM performs all cryptographic operations, from encryption and decryption to digital signatures, authentication, and hashing.
The Master Key for Encrypting the Keys
The master key plays a decisive role in the function of an HSM. It is the master key that is used to encrypt the other cryptographic keys so that they can be stored securely in the HSM. It therefore serves as the root of the key hierarchy in the system. It is stored exclusively within the protected area of the HSM and is never exported. This ensures that all dependent keys also remain protected at all times. Ultimately, it is the master key stored there that makes the HSM the central trust anchor in cryptography concepts.
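As an added illustration (not code from Arvato Systems or from any HSM vendor), the following Go simulation shows the key hierarchy just described: the master key is generated inside the module and is never returned, data keys leave the module only in wrapped form, and a wrapped key can be recovered only by the module that holds the master key. AES-256-GCM as the wrapping algorithm and the 256-bit key sizes are assumptions; a real HSM enforces the same boundary in hardware rather than in software.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// HSM models the key hierarchy from the text: the master key exists only
// inside this struct (unexported, never returned) and only wraps/unwraps keys.
type HSM struct {
	master cipher.AEAD // AES-256-GCM keyed with the master key (assumed algorithm)
}

// NewHSM generates a random 256-bit master key inside the module.
func NewHSM() (*HSM, error) {
	mk := make([]byte, 32)
	if _, err := rand.Read(mk); err != nil {
		return nil, err
	}
	block, _ := aes.NewCipher(mk)   // cannot fail for a 32-byte key
	aead, _ := cipher.NewGCM(block) // cannot fail for an AES block
	return &HSM{master: aead}, nil
}

// GenerateDataKey returns a fresh data key in plaintext (for bulk encryption
// outside the module) plus a copy wrapped under the master key for storage.
func (h *HSM) GenerateDataKey() (plain, wrapped []byte, err error) {
	plain = make([]byte, 32)
	nonce := make([]byte, h.master.NonceSize())
	if _, err = rand.Read(plain); err != nil {
		return nil, nil, err
	}
	if _, err = rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	// Blob layout: nonce || ciphertext || GCM tag. Only this HSM can open it.
	return plain, h.master.Seal(nonce, nonce, plain, nil), nil
}

// UnwrapDataKey recovers a data key; the blob must come back to the module
// that holds the master key, which is the dependency the text describes.
func (h *HSM) UnwrapDataKey(wrapped []byte) ([]byte, error) {
	ns := h.master.NonceSize()
	if len(wrapped) < ns {
		return nil, errors.New("wrapped key blob too short")
	}
	return h.master.Open(nil, wrapped[:ns], wrapped[ns:], nil)
}
```

A second module with its own master key cannot unwrap the blob, and any modification of the blob fails the GCM authentication check, which is what makes the stored wrapped keys safe to keep outside the module.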
Who Has Access to Master Keys and Private Keys?
Who gets access to this master key - or, in asymmetric cryptography concepts, also to the private key - is the question on which the security promise of an HSM approach stands or falls. In principle, the way in which hyperscalers provide their HSM and cryptography services is, of course, certified to the highest level. The physical security of an HSM pair in a hyperscaler's data centers should also be above suspicion: the risk of a physical key loss is as low as can be. However, even a single compromised user of the HSM fleet at the hyperscaler could be the weak point that opens up access to the master key or the private keys of the HSM. There is also the question of whether the national legal situation at the hyperscaler's headquarters rules out any official access to a customer's HSM and the keys it contains - regardless of whether the customer uses their HSM pair at the hyperscaler as a fully dedicated, single-tenant setup or in a cost-effective multi-tenant model.
Cost-Effective AWS Key Management Services
Amazon Web Services, for example, offers its AWS Key Management Service (AWS KMS) in different variants. This provides AWS customers with a key management system that uses a pay-as-you-go model to reduce costs and administrative effort compared to self-managed HSMs. In addition to full use of AWS KMS, where all keys are generated by AWS and stored in the HSM memory of the AWS KMS HSM fleet, AWS also offers a variant in which the keys are still generated by AWS KMS but are then stored in an AWS CloudHSM, where they are theoretically under the control of the customer. It is also possible for customers to upload keys that they have generated themselves and manage in their own HSM to AWS KMS, where the cryptographic operations then take place.
Maximum Sovereignty Thanks to Your Own HSM
Whether a company can leave the cryptographic tasks of encryption and decryption - and in particular the critical key management - to a US hyperscaler depends on the strategic requirements for its own security and sovereignty and, in particular, on the regulatory framework in its industry. The highest degree of sovereignty is promised by a concept in which all cryptographic processes and the entire key generation and management take place in the company's own hardware security module - whether it operates this on-premises or uses the HSM services of a competent German service provider such as Arvato Systems.
Between the Conflicting Priorities of Cloud Use and Regulation
In Germany, it is usually the strict regulatory requirements and compliance obligations that make companies reluctant to use the cryptographic services of a hyperscaler - or even to leave key management to them. Nevertheless, the opportunities offered by the hyperscalers' cloud services are too tempting. For organizations that want to distinguish themselves as digital leaders in their segment, cloud computing is sometimes the only viable option, whether they operate in critical infrastructure, healthcare, defense, finance, or public administration.
Practice Management System with Secure Cloud Backup
The only option that remains is to make a conscious decision to retain control over your own HSM. In the healthcare industry, for example, data encryption at the highest level is required, which includes strict control over the keys and often the use of certified HSMs. Particularly in applications such as electronic patient records (ePA), e-prescriptions, or KIM (Kommunikation im Medizinwesen), HSMs are not only recommended but mandatory. For example, if a manufacturer of practice management systems wants to offer its customers - such as medical practices and pharmacies - a secure cloud backup, a hardware security module (HSM) is essential. This HSM allows the manufacturer to retain complete control over encryption instead of leaving it to the hyperscaler that provides the cloud storage.
Your Individual HSM from Arvato Systems
There are a number of good reasons why it makes sense to use the various cloud computing options offered by a hyperscaler. It may also make sense not to rely on the hyperscaler's cryptographic services. However, operating the HSM on-premises and in-house is not always the ideal solution either. This is because even with in-house operation, there is always the risk that a compromised user could - possibly completely unintentionally - enable unauthorized and potentially catastrophic access to the master key of your own HSM. At Arvato Systems, we are proven experts in the field of IT security and sovereign cloud. In our German data centers, we can provide you with HSM services or even your own dedicated HSM pair. Only a handful of service providers in Germany are able to do this. If you would like to find out more about how you can ensure maximum security for your cloud usage and get a handle on the challenging task of key management.