Pioneers, HSMs, and the Future

Published:Sep 21, 2022
Reading Time:5 Minutes

I’ve always been fascinated by emerging technologies such as the automobile, the camera, recorded sound and, of course, computers. Imagine the forethought and the sacrifices that these pioneers endured. In many cases, however, these pioneers became irrelevant after a short period of time and were soon forgotten. For example, the first automobile manufactured in the United States was introduced by a company called Stevens-Duryea;, the first camera company was Eastman Kodak, and let’s not forget American Online (AOL). Being first into an emerging market provides an obvious advantage in the beginning but, unfortunately, not in the long-term.

We are seeing the same thing play out in our current computer/internet vendor space. There are many reasons for a company’s initial success, followed by its eventual failure. Initial success in a previously unknown market isn’t necessarily hard: A bottled water salesman doesn’t have to be good if all of his customers come out of the desert. The first air-conditioning company probably didn’t have to try hard to sell an air-conditioner in Phoenix in July. Keeping your current and future customers happy after your initial success is hard. Every company that displaces the early adopter has an advantage. The advantage comes in many forms: watching/learning the early adopters’ successes/failures and watching the market’s needs change while not being preoccupied with defending one’s current market share.

Remember Novell Networks or WordPerfect? Novell probably had an 85%+ market share in network operating systems (OS) but didn’t see the market’s need for servers extending beyond storing and printing files. WordPerfect couldn’t make the transition from a character-based word processor to a graphical word processor. In both cases, Microsoft watched and disrupted the OS and word processing markets, and the rest is history.

The Hardware Security Module or HSM market is echoing the Novell Networks and WordPerfect stories. Major HSM players introduced their first products in the mid-1990s to address the market's need; to accelerate SSL tunnels by generating and storing SSL keys for the new World Wide Web (WWW) servers. Encryption wasn’t its initial purpose until around 2005, following a data breach. Fast forwarding to 2022, cryptographic keys are everywhere and are used for many things such as:

  • secure WWW tunnels,
  • encrypt data
  • protect firewalls, authentication solutions, people, and banking transactions,
  • digitally sign software code, computer chips and mortgage agreements, and
  • secure trillions of dollars of digital currency

Among the major players, the HSM- based architecture was established, slowly introduced, or more so remaining stagnant to the market’s need. Based on their inability to re-architect their HSMs for the current market needs, I suspect that the old-guard HSM companies will miss out on the next generation of cryptographic needs.

Fortanix paid attention to the changing landscape, anticipated the explosion of crypto key use-cases, watched with rapt attention, and learned where the current HSM vendors were succeeding and failing.In most cases, the old-guard HSM vendor’s successes have come from their conscious and deliberate inability to work with any related vendor. Their additional successes have come from the difficulty of displacing them. In one case, the company won’t even allow a replacement to be introduced. It is interesting to observe that the elements keeping them the market leaders are those that will prove to be their failures.

Contrary to popular belief, HSMs don’t perform encryption nor sign code/chips/documents. They are just expensive calculators that performs two primitive operations: Generate strong cryptographic keys and protect keys. These statements in no way minimize the importance of an HSM. If you’re going to engage in any cryptographic operation, the key being used is more important than the protection afforded by said key. By this logic then, the protection of the key is of paramount importance.

Another function for HSM solutions to be the most effective is key management. In the mid-90’s through perhaps 2010, an HSM solution without key management was sufficient due to the minimal number of keys being used. This is not the case for the year of 2022 and beyond, keys are everywhere and so are the systems that use keys, a robust key management function is necessary. Managing keys in multiple clouds and on-premises, including multiple types of cryptographic solutions, is a daunting task for most companies.In some cases, I believe that companies are reluctant to consider a new cryptographic solution due to the added complexity or other reasons; whatever the case might be, cryptography is the only thing that separates a company’s data, systems, and reputation from hackers. And make no mistake that Firewalls are not. Remember: Every data breach begins with a firewall breach.

Fortanix recognized the market needs and developed its HSMs with key management at its core for many cryptographic solutions across the enterprise environments (public, private, multiple clouds, on-prems, and/or hybrid). No other HSM vendor can claim this. All other HSM vendors have added key management as an afterthought or partnered with a company with whom they could integrate key management.

Can you blame the first companies into a market for wanting to maintain their leadership position? Yes, if maintaining their leadership position is based on maintaining their backward compatibility at the expense of modern flexibility and simplicity.

In 1903, the Wright Brothers invented the most impactful technological advancement of the 20th century, yet within ten years, they became irrelevant to the future except for historical praise. Sad is an understatement. Why? They couldn’t adapt to the rapidly changing market, and they spent most of their efforts fighting their legacy with patent claims. History has proven that better solutions are created by those who are flexible and agile to the market needs with simple solutions.

Fortanix is the data-first security leader providing a single pane of glass, integrated data security with encryption, key management, tokenization, and other capabilities. The results speak for themselves.

You can read more about our data security capabilities in the Fortanix Data Security Manager Solution Brief here.
Want to know more? Feel free to reach out to us.
Interested in a free trial? Click here.

Share this post: