Keeper of the Keys: Unbound Tech on Digital Security for Growing Fintechs

They might have their heads in the Cloud, but fintechs understand that with digital expansion comes greater security needs. From on-premise infrastructure to hardware security modules (HSMs) and even apps, managing security keys across a multitude of scenarios can get expensive.

Here Michael Hughes, the Chief Business Officer at Unbound Tech, explains the issues that fintechs continue to face as businesses grow and security concerns arise.

The centralised management capability offered by the cloud, while lucrative, is not always as feasible and seamless when it means abandoning years of tried-and-true hardware that may be in consideration for obsolescence. So, what are IT managers up against when they decide on a cloud shift that requires that some existing hardware remains intact?

Several issues will surface, such as the time-consuming task of maintaining multiple systems, implementing key management solutions and the creation of multiple keys depending on the application supported and authentication path. Developers and solution architects take on the biggest migration risk, because the painstaking work that it took to develop an application once may now have to be repeatedly refactored to ensure that keys work anywhere, any cloud, at any time.

Key management system concerns

Most cloud providers have a key management solution (KMS) that delivers a segmented picture of the cryptographic key logs and usage reports that is inherent to their cloud, making it impossible for enterprises to manage their entire key arsenal in a single place with full visibility of cryptographic keys across multiple sites, from on-premise to hybrid and multi-cloud. This greatly impacts distributed enterprises and financial organisations, as they expose themselves to the most risk and increased costs when not fully considering the impact of a disparate infrastructure when moving to the cloud.

Once an organisation begins to vet the potential risks and considerations of their shift, many find it close to impossible to manage their entire cryptographic arsenal across disparate sites and multi-cloud due to the dependencies on the very applications that they are looking to authenticate having been written to each cloud's requirements. This greatly impacts the time to market with existing and new applications that require keys to ensure proper security policies are met and could have drastic repercussions on the organisation’s ability to prevent cyber-attacks and data leakage. So how does one implement a solution that accounts for existing and new infrastructure, accelerates your financial institution’s time to market, and enforces the policy, custody and security parameters you are required to meet?

Finding a secure solution

Over the years I have seen one too many banks come to Unbound after investing months trying to implement a partial solution to a major problem. Meeting the requirement that provides a single pane of glass to their keys and digital assets on where they are stored, how they are being used, who is using them, and how they are being programmed is only a challenge that we can meet with the superior security benchmark of enabling multi-party computation (MPC).

In an on-premise environment, the technology and where it is housed are physically known and visible to the user; when it comes to cloud management solutions, that control is abdicated and trust can be easily impacted – controlling crypto keys should not be a leap of faith, but a gain in agility and visibility of all assets, anywhere, any time.

Prior to Unbound, each HSM vendor would have their own encryption library that, under Public-Key Cryptography Standards (PKCS #11), enforces how to interact with different HSMs. With Unbound key store, the trusted institution environment we have has a management layer on top that communicates universally across any key store to identify usage and misuse.

A cryptographic audit log provides the notion of non-repudiation, showing how to use the key and for what function. The concept itself assists development units to manage an HSM portal and demand where it should be deployed.

All financial institutions need to make sure that they benefit from a secure and agile cryptography platform, including quantum encryption, centralized key management with BYOK or CYOK (control your own key) support, as well as HSM and vHSM coexistence. In today’s day and age, when innovation, efficiency and proven security that delivers long term confidence and trust is a necessity – then I understand why so many of the world’s largest banks have come to rely on our platform.

You can learn more by visiting Unbound directly.


  • Gina is a fintech journalist (BA, MA) who works across broadcast and print. She has written for most national newspapers and started her career in BBC local radio.