A Secure Root of Trust

I’m proud to be part of the “Chain of Trust” that begins here in Sunnyvale, California for the HPE Atalla HSM (Hardware Security Module). When I joined Tandem Computers 20 years ago, I was awed by what the Atalla security products provided our Payment Card Industry (PCI) customers. Since the mid-1970s, Atalla products have led the way in shaping the payments industry and ensuring the security of not only my personal banking transactions but also the way in which global trade is conducted to this very day. If you use an ATM (anywhere in the world), buy gas at the pump, or swipe your credit card at a store, it is highly likely that the transaction was protected and authorized through an Atalla HSM appliance on the back-end.

I suppose we are all biased in some ways around the products we work with, so it’s a real pleasure to see positive reinforcement when independent third-parties confirm those beliefs and back up the facts I talk about every day.

Coalfire Systems, Inc. is a security industry leader in IT Security, governance, regulatory issues and compliance. Coalfire Labs recently performed an independent assessment on Hardware Security Module Leadership and performed a detailed analysis of the HPE Atalla HSM. You can view the Coalfire whitepaper here. They focused on the encryption capabilities, key management and secure chain of trust for the HPE Atalla HSM solution and key functions as well as the HPE Atalla Secure Configuration Assistant (SCA-3) with the HPE Atalla Secure Keypad (ASK) Key Loading Device.

The assessment results provide great value to audiences evaluating the use of the HPE Atalla HSM such as merchants wanting an HSM deployed in their payment card environment for encryption and key management. These audiences include Acquirers, Payment Processors, Payment Gateways and Issuing Banks that offer PIN verification, encryption and key management, EMV processing solutions and Point-to-Point Encryption Service Providers implementing a P2PE environment for payment card processing. P2PE is one of the most critical and secure legs between the Point of Sale and the acquirer of a transaction.

In the report, Coalfire pointed out that the HPE Atalla HSM contained important key security benefits over other vendor offerings.

  • Extremely high security assurance through certifications and standards such as PCI HSM 1.0, NIST 800-22 and ANSI X9F, and validated under FIPS 140-2 Level 3
  • Leading industry best practices for Key Management through strong controls around key export and encryption algorithms, dual control cryptographic key loading and audit logging of all key management activities
  • Robust Disaster Recovery capabilities
  • Superior cryptography that utilizes the HPE Atalla Key Block (AKB) for an additional layer of security assurance and performance of double and triple key-length (3DES) and RSA public/private key implementations not available from other manufacturers
  • Secure remote device management that is ideal for lights-out data centers
  • Wide ranges of use cases for PCI compliant environments
  • Validated market leadership as the most established security hardware product with the highest Net Promoter Score with customers of any HSM appliance provider
  • Security Assurance from a full Chain of Trust for users before the appliance ever arrives in a customer’s shop

The assessment also points out the HPE Atalla HSM has a broad set of use cases for today’s PCI environments. It also gives a set of examples illustrating how this solution is a perfect fit for most environments seeking a balance between ease of use and rich security assurance.

Most people don’t know how much thought leadership HPE provides to the Payment Card Industry in driving, developing and improving standards through the governing bodies such as ANSI X9. In addition to developing the Atalla Key Block (AKB), other key contributions include AES PIN block and AES Derived Unique Key Per Transaction (DUKPT), which was originally developed by VISA.

So here we have one of the most trusted companies with one of the most trusted security appliances in the world, and what did we do in the HPE Security team? We gave it a superiority complex and made it even better! Recently, we seamlessly integrated the HPE Atalla HSM appliance with our leading data-centric protection software, HPE SecureData. That’s one heck of a setback for data thieves who thought that once they get in, the world of data would be theirs for the taking. Guess again, bad guys. HPE SecureData combined with HPE Atalla HSM provides end-to-end protection of data throughout its lifecycle, whether it’s at rest, in motion or in use across your enterprise, with a secure root of trust in the HSM where data is encrypted at its source.

It doesn’t matter if you have personally identifiable information (PII), protected health information (PHI) or credit card and social security numbers. This solution keeps them safe and secure. It protects information in compliance with PCI Data Security Standard (PCI DSS), Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Act (GLBA), state and national data privacy regulations, as well as the EU’s General Data Protection Regulation (GDPR). This integrated solution of HPE SecureData and HPE Atalla HSM will also enable companies to quickly pass audits and provide PCI scope reduction while implementing full end-to-end data protection. We make sure anything a hacker might find is rendered useless by employing our industry-leading techniques of HPE Format-Preserving Encryption (FPE) and HPE Secure Stateless Tokenization (SST). I encourage you to learn more about this dynamic duo of super products to further protect your most valuable assets and save your company from villains that want to exploit your weaknesses.