Organizations trying to balance the risk of data breaches against the cost of pervasive encryption often balk at the trade-off. The use of hardware security modules (HSMs) in conjunction with applications that perform encryption improves the protection afforded to encryption keys and the encryption processes themselves, but cost considerations typically limit the scope of their deployment. This slidedeck provides an explanation of criteria to help organizations decide which applications or data would benefit most from hardware-based encryption and key protection. The criteria are designed to make those decisions repeatable, consistent, and specific for any application, based on the organization’s sensitivity to cost, risk tolerance, and performance requirements. Real-world examples are also included! Our why not listen to the webcast: https://www.thales-esecurity.com/knowledge-base/webcasts/sans-webcast

1. Decision Criteria and Analysis for
Hardware-Based Encryption
Sponsored by Thales e-Security
© 2016 The SANS™ Institute – www.sans.org

2. © 2016 The SANS™ Institute – www.sans.org
Today’s Speakers
Eric Cole, PhD, SANS Analyst and Fellow
John Grimm, Senior Director of Security
Strategy, Thales e-Security
2

3. © 2016 The SANS™ Institute – www.sans.org 3
Introduction
2016 Global Encryption Trends Study, Ponemon Institute, February 2016
The ratio of cost to benefit has improved and encryption is now
far more common in organizations that rely heavily on Internet-
or cloud-connected applications for significant business
functions

4. © 2016 The SANS™ Institute – www.sans.org 4
HSM
Hardware-based encryption uses dedicated
hardware to perform cryptographic functions,
which offloads processing to an independent
system, increasing not only security but also
performance. In addition to performance, risk
and security of keys are also factors in using
hardware security module (HSM) encryption

5. © 2016 The SANS™ Institute – www.sans.org
Pros and Cons of HSMs
5

6. © 2016 The SANS™ Institute – www.sans.org 6
Key Areas to Evaluate When Considering
Hardware-Based Encryption
Because it is unlikely that every application can benefit
enough to justify the additional cost and effort,
organizations should deploy hardware-based solutions
only for applications with sufficiently high requirements
for security and performance.
• Application integration
• Crypto APIs
• Testing and patching

7. © 2016 The SANS™ Institute – www.sans.org 7
Design Criteria and Analysis: Finding Balance
Every organization that has sensitive data can
gain from hardware-based encryption, but very
few can afford the cost or complexity of applying
it to every system and application.
• Identify all critical data
repositories
• Map key business processes
• Determine servers that
support the processes
• Create a threat map
• Perform a risk assessment
• Prioritize applications
• Verify all risk mitigation
measures
• Do a gap analysis to
determine areas of focus

8. © 2016 The SANS™ Institute – www.sans.org 8
The Criteria
In looking at the criteria, hardware-based
encryption works very well in environments in
which:
1. Verified encryption is critical.
2. Strong key management and protection are
required.
3. Performance is important.
4. Initial deployment cost is not the ultimate driver.
5. The organization has control over the application
server environment.

9. © 2016 The SANS™ Institute – www.sans.org
Use Case: Digital Cinema
HSMs used for:
–Content encryption
–Digital watermarking
–Strong authentication

10. © 2016 The SANS™ Institute – www.sans.org 10
W A R N I N G
Many organizations will initially determine
that hardware-based encryption is not a
viable or feasible solution because of bad
design decisions made when the system
was first implemented.

11. © 2016 The SANS™ Institute – www.sans.org 11

12. © 2016 The SANS™ Institute – www.sans.org 12
Challenges in Implementing Hardware-
Based Encryption
2016 Global Encryption Trends Study, Ponemon Institute, February 2016

13. © 2016 The SANS™ Institute – www.sans.org
Analytical Process for Determining Where
to Deploy Hardware-Based Encryption
13

14. © 2016 The SANS™ Institute – www.sans.org
Where and how are HSMs most
commonly deployed?
• SSL/TLS
• Database encryption
• Application-level encryption
Additional HSM form factors:

15. © 2016 The SANS™ Institute – www.sans.org 15
Emerging Technologies (1 of 3)
Cloud
• With the cloud, the hardware and systems are
owned and controlled by a third party
• Close collaboration with the cloud provider is critical
for hardware-based encryption to work
• Cloud providers are looking for ways to enhance
their customer experience and differentiate
themselves
• Not uncommon for some cloud providers to offer
services that integrate hardware-based encryption

16. © 2016 The SANS™ Institute – www.sans.org
Use Case: Key Management in the Cloud
User organization generates
own keys on-premise
Keys securely transferred to
HSMs in the cloud
Keys used by, but not
accessible to, cloud provider
nShield Edge

17. © 2016 The SANS™ Institute – www.sans.org 17
Emerging Technologies (2 of 3)
Virtualization
• Hardware-based crypto services for virtualized
environments require planning
• A “virtualized HSM” would reduce the benefit of
hardware-based protection features like anti-tamper
• Virtual systems requiring hardware-based encryption
need access to a networked-based HSM, or to share
access to a PCI HSM on the same server

18. © 2016 The SANS™ Institute – www.sans.org 18
Emerging Technologies (3 of 3)
IoT (Internet of Things)
• The IoT typically involves relatively low-end pieces
of hardware that focus on a single task, with an
emphasis on low power consumption
• Directly integrating hardware-based encryption may
not be feasible
• Many vendors, such as Samsung and other IoT
platform providers, are making chips with trusted
platform modules for which the device
manufacturers can leave a slot

19. © 2016 The SANS™ Institute – www.sans.org
Use Case: Manufacturing
HSMs provide:
– Root of trust
– Secure credentialing
(“digital birth certificate”)
– Ability to lock/unlock
capabilities
– Encryption key services
– Configuration security
(e.g., code signing)

20. © 2016 The SANS™ Institute – www.sans.org 20
Summary
The following is a high-level checklist for deploying
hardware-based encryption:
• Use risk analysis to drive the overall process of
determining an appropriate solution.
• Perform cost-benefit analysis.
• Calculate the TCO to make sure there are no hidden
costs.
• Put together a detailed implementation plan to fully
understand the complexities involved.
• Recognize that changes to existing applications might
be needed to accommodate the best solution.