They might have their heads in the Cloud, but fintechs understand that with digital expansion come greater security needs. From on-premise infrastructure and hardware security modules (HSMs) to the apps themselves, managing security keys across a multitude of scenarios can get expensive.
Here Michael Hughes, the Chief Business Officer at Unbound Tech, explains the issues that fintechs continue to face as businesses grow and security concerns arise.
The centralised management capability offered by the cloud, while attractive, is not always as feasible and seamless as it appears when it means abandoning years of tried-and-true hardware that may already be a candidate for obsolescence. So, what are IT managers up against when they decide on a cloud shift that requires some existing hardware to remain intact?
Several issues will surface, such as the time-consuming task of maintaining multiple systems, implementing key management solutions, and creating multiple keys depending on the application supported and the authentication path. Developers and solution architects take on the biggest migration risk, because the painstaking work it took to develop an application once may now have to be repeatedly refactored to ensure that keys work anywhere, in any cloud, at any time.
Key management system concerns
Most cloud providers have a key management solution (KMS) that delivers a segmented picture of cryptographic key logs and usage reports specific to their own cloud, making it impossible for enterprises to manage their entire key arsenal in a single place with full visibility of cryptographic keys across multiple sites, from on-premise to hybrid and multi-cloud. This greatly impacts distributed enterprises and financial organisations, which expose themselves to the most risk and increased costs when they do not fully consider the impact of a disparate infrastructure when moving to the cloud.
Once an organisation begins to vet the potential risks and considerations of its shift, many find it close to impossible to manage their entire cryptographic arsenal across disparate sites and multiple clouds, because the very applications they are looking to authenticate have been written to each cloud's requirements. This greatly impacts the time to market for existing and new applications that require keys to ensure proper security policies are met, and could have drastic repercussions on the organisation's ability to prevent cyber-attacks and data leakage. So how does one implement a solution that accounts for existing and new infrastructure, accelerates your financial institution's time to market, and enforces the policy, custody and security parameters you are required to meet?
Finding a secure solution
Over the years I have seen one too many banks come to Unbound after investing months trying to implement a partial solution to a major problem. Meeting the requirement for a single pane of glass over their keys and digital assets, covering where they are stored, how they are being used, who is using them, and how they are being programmed, is a challenge that we can only meet with the superior security benchmark of enabling multi-party computation (MPC).
In an on-premise environment, the technology and where it is housed are physically known and visible to the user. When it comes to cloud management solutions, that control is abdicated and trust can be easily impacted. Controlling crypto keys should not be a leap of faith, but a gain in agility and visibility of all assets, anywhere, any time.
Prior to Unbound, each HSM vendor would have its own encryption library that, under the Public-Key Cryptography Standards (PKCS #11), enforces how to interact with different HSMs. With the Unbound key store, our trusted institution environment has a management layer on top that communicates universally with any key store to identify usage and misuse.
A cryptographic audit log provides non-repudiation, showing how each key is used and for what function. The concept itself assists development units in managing an HSM portal and determining where it should be deployed.
All financial institutions need to make sure that they benefit from a secure and agile cryptography platform, including quantum encryption, centralised key management with BYOK (bring your own key) or CYOK (control your own key) support, as well as HSM and vHSM coexistence. In today's day and age, when innovation, efficiency and proven security that delivers long-term confidence and trust are a necessity, I understand why so many of the world's largest banks have come to rely on our platform.
You can learn more by visiting Unbound directly.