Market Need
In today’s world, securing payment transactions with a Hardware Security Module (HSM) is a requirement for financial institutions. Not only is this necessary to meet PCI-DSS for PIN transactions, but it’s also a security best practice. Key generation, management, and export pose unique market challenges: activities related to encryption keys often take significant planning and require managing access to secure, geographically isolated data centers, all while ensuring that the numerous financial standards are met.
Solution Overview
The GEOBRIDGE KeyBRIDGE KMS integrates with the Fortanix Data Security Manager to offer a truly centralized key management solution with HSM-grade security as well as seamless integration for any payment device.
As the need for reliable key management in the financial market increases, so does the number of keys used to protect that data. Consequently, an organization's security team faces numerous challenges:
- Integration with SIEM tools like Splunk: Audit integration with SIEM and logging tools (such as Syslog, Splunk, and CSP logging).
- Cloud key discovery and risk assessment: Centralized insight into the security posture of your critical data across a hybrid/multicloud environment.
- Centralized management of data security: Single, unified interface to manage data security across multiple cloud platforms.
The combined Fortanix + GEOBRIDGE solution provides full lifecycle key management, compliance enforcement, and audit logging for the keys. Financial institutions can now manage key generation and key export activities through the KeyBRIDGE user interface, giving users better control and better access to complete key generation and key management functions. Once a key has been generated in KeyBRIDGE, it can be exported as a cryptogram, encrypted under Fortanix DSM's Local Master Keys (LMK), encrypted under a different Key Encryption Key (KEK) / ZMK, or even as a TR-31 key block.
Fortanix Data Security Manager
Secured with Intel® SGX, Fortanix DSM delivers HSM-grade security with software-defined simplicity. DSM provides flexible consumption options - a hardened appliance, HSM as a service, or software running on commodity x86 servers.
DSM offers central management, tamper-proof logging, rich access control, REST APIs and massive scalability. Organizations use DSM to secure their sensitive cloud and traditional applications, including digital payments, PKI systems, IoT applications, silicon manufacturing, and remote TLS terminations - all while drastically reducing integration complexities and expenses.
GEOBRIDGE KeyBRIDGE KMS
GEOBRIDGE has maintained support for dozens of technology manufacturers that realize the value of a centralized system that allows them to maintain their own proprietary key handling techniques, thereby eliminating the need for new development and increased costs. GEOBRIDGE continues to add support for new technology manufacturers as a result of customer demand. So, if additional endpoints require integration, the GEOBRIDGE KeyBRIDGE KMS system can easily accommodate additional key management requirements.