The ARIA microHSM solution is a SmartNIC based Hardware Security Module (HSM) that provides organizations with a simple to deploy, zero-footprint hardware option for adopting and offloading KMIP-based encryption – locally for their critical applications.
Data encryption is a critical component to success in any cybersecurity strategy, and one that is often problematic. One common approach is to deploy a hardware security module (HSM), a physical appliance attached to the network that generates data encryption keys and performs encryption/decryption functions. Data as generated/manipulated by applications is sent across the network to be encrypted before being returned and stored. These “black box” HSMs need to have secured rack space and be properly networked to avoid latency that can lead to application performance degradation.
The largest concern is the fact that traditional HSMs require specialized expertise to set up properly with the applications they are to perform the encryption operations for. The professional services needed to deploy these systems and the need to continuously engage with such experts every time the applications are updated can be extensive.
Additionally, there are known security vulnerabilities inherent in the Intel x86 chip architecture, which can be challenging for those looking for strong data encryption techniques while running the encryption applications right on the host. The applications must run the keys in the clear when encrypting the data. Storing encryption keys in the open on an x86 host leaves them open to exposure if the server is hacked.
The ARIA microHSM offers four unique capabilities when compared to traditional HSMs:
The ARIA microHSM, based on the KMIP standard, gives organization not only the ability to offload encryption keys but also simple API deployment, FIPS 140-2 compliance, and high availability required for our customer’s complex data encryption needs. Deployment is as easy as plugging the PCIe board into a server and spending a few minutes to configure the needed APIs. Once installed, the ARIA microHSM takes on the full life-cycle management of encryption keys generating hundreds in a minute.