HSM as a Service Transforms Security Landscape & Efficiency of Global Acquirer/Processor
Hardware security modules (HSMs) are indispensable when it comes to attaining compliance in the payment card industry (PCI).
However, HSMs can be time-consuming and expensive to maintain when housed on-site. Many companies that need to meet PCI compliance don’t have the in-house resources to maintain HSMs, yet they need the level of security and synchronized key management solutions HSMs provide for efficiency.
GEOBRIDGE recently worked with a global merchant acquirer and payment processor to deploy HSM as a service. In this situation, a provider such as GEOBRIDGE hosts the HSM in their data center, taking the burden of HSM housing and maintenance off of the company.
Here’s how HSM as a service worked for this client and the benefits and value that resulted from this project.
Capitalizing on Opportunities in the Cloud
Searching for a cutting-edge platform to operate more efficiently for their customers, this acquirer/processor wanted to maximize their opportunities in the cloud.
“We truly are a global company, even from just an employee standpoint,” says the Chief Technology Officer (CTO) of this organization. “And we wanted to be a global company for our merchants and to operate in the cloud.”
The company had been operating on Amazon Web Services (AWS), a public cloud vendor that doesn’t offer HSM as a service, which is where GEOBRIDGE came in. The company looked at numerous different providers for cloud HSM solutions, and “GEOBRIDGE came to the top of the list,” says the CTO.
The company had strict requirements for their provider for cloud HSM solutions. They not only needed a full validated HSM product, but also a provider that could handle key tasks on their behalf.
“Handling the key tasks on our behalf was a fairly substantial one,” notes the Chief Security Officer (CSO) of the company. “Because at the end of the day, one of the concerns that has popped up in previous companies is the idea of needing to have staff who understand key management, who understand the seriousness of the security roles, but do not share an engineering hat with people that might have other pieces of the puzzle for PCI reasons. You need people who are both technically competent and capable but who also are not your system administrators and not your software engineers.”
The CTO agrees. “So having the HSM and having key management services—definitely a win-win. The other thing that we really appreciate about GEOBRIDGE and Utimaco is that Utimaco is so interested in looking to the future and imagining what life will be like in a post-queue world. And that, to me, says a lot.”
GEOBRIDGE was able to architect this company’s HSM solution for their particular needs, including synchronized key management solutions in their hybrid cloud environment. HSM as a service is also a hugely advantageous solution for global companies in the payment industry such as this one, because PCI regulations are always evolving. With HSM as a service, organizations can unify key management solutions, maintain enhanced security, and stay in compliance even as regulations change across the globe.
Benefits and Value of Cloud HSM Services
HSM as a service allows companies to leverage HSMs and key management solutions in multi-cloud environments. The results of this move include better controlled expenses and reducing the steps organizations need to take to gain PCI compliance.
With this flexibility, organizations such as this global acquirer/processor increase their efficiency. GEOBRIDGE handles key management as a PCI certified company, whereas organizations would normally need up to six full-time employees to do this. GEOBRIDGE offers this service for lower than the cost of one full-time employee.
This gives payment processors incredible value as they can gain compliance while lowering costs. Even if the company operates in a hybrid cloud setting, they can attain better security architected for their specific needs by using a cloud HSM solution.
This acquirer/processor now has a secure hybrid cloud solution with HSM as a service and integrated key management. The results? Peace of mind, compliance, and efficiency.
“The level of competence and detail was a very large factor [in working with the GEOBRIDGE team],” says the CSO. “In my experience, GEOBRIDGE actually understands and takes reality into account and wants to work with you. I cannot say the same for some of the other vendors that we contacted about this project, including vendors that sell this service on their website.”
“Many companies have the sales experience, where when you’re going through and getting signed up, you’re working with the sales team, you’re working with the sales engineer, and the support is great and everybody’s responsive and then you sign the check. That is NOT the experience we have had with GEOBRIDGE in the least,” says the CSO. “The post-sales experience has, if anything, been better than expected.”
“Yes, an HSM vendor absolutely has trade-offs. For us, those trade-offs were 100% worth it. Not a shadow of a doubt,” the CSO continues. “I have far more confidence in the reliability and security of an HSM managed by GEOBRIDGE than I ever had at previous entities. They know what they’re doing and they have the staff and knowledge to do that job better than we could. And I think that’s going to be a fairly common experience.”
Moving Your HSM to the Cloud?
Are you moving your payment HSM from on-site to the cloud? GEOBRIDGE provides HSM as a service to help organizations in the payment card industry reduce their on-site operating costs while improving security and efficiency and maintaining PCI compliance. Contact us today about your cloud HSM options!