14 Oct 2022
by Paul Hector

Ensuring trust and protecting sensitive data in today’s digital world (Guest blog by Ultra)

Guest blog by Paul Hector, Sales Manager - Cyber EMEA at Ultra #Cyber2022

It is widely known how detrimental data breaches can be for individuals and organisations. When that worst-case scenario occurs, an organisation will experience one or more probable consequences: loss of sensitive data, operational downtime, financial loss, reputational damage and potential legal action.

Unfortunately, we all live in a time where the threat of cyberattacks and data breaches is now constant. The ever-present threat landscape therefore prompts the question: How does an organisation secure data and ensure organisational integrity and trust in today’s digital age?

Building on that question, it is also nearly impossible to transact in this digital world without trust. The notion of digital trust is crucial in a global society where people often transact with people they have never met and may never encounter again. In fact, many transactions are not even between people at all, but between people and machines, or simply between machines. Examples are everywhere: automatic teller machines, electronic wire transfers and electronic filing of tax forms. Anywhere transactions are made, trust still needs to be established. In order to achieve that baseline of trust, assurance is needed in four main areas:

  • All entities partaking in transactions are who they say they are.
  • There is no breach of privacy/confidentiality.
  • The intended transaction is the transaction that takes place.
  • The transaction can later be proven to have taken place.

In today’s digital world, trust should be built on Public Key Infrastructures (PKI). So, what is PKI? PKI can be described as three things: a methodology, a technology and an infrastructure by which transactions can be performed. The method relies on the presentation of trusted digital certificates between all parties in a transaction. The simple rule of engagement is: if you have a certificate that I trust, then I can also trust you, and vice versa. Typically, end entities are configured with one or more trust anchors which are then used as a starting point to validate a given certification path. The technology used is cryptography. More specifically, Public Key Cryptography. This is also where Hardware Security Modules (HSMs) play a role as the root of trust which protects PKIs from breaches. HSMs enable the generation of keys throughout the PKI lifespan, while ensuring scalability of the whole security architecture.
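
The trust-anchor rule described above can be exercised with the OpenSSL command line. The following is an added example, not part of the original post or of any Ultra product; every subject name, file name and key in it is constructed. It builds a root CA, an issuing CA and an end-entity certificate, then validates the certification path against the configured anchor, against an unrelated anchor, and with the intermediate certificate missing.

```sh
#!/bin/sh
# Added example: all names, keys and certificates below are constructed.
set -eu
work=$(mktemp -d); trap 'rm -rf "$work"' EXIT; cd "$work"

cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_ee]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature
EOF

# issue NAME SUBJECT EXT [ISSUER]: new key pair and certificate for NAME,
# self-signed when ISSUER is omitted, otherwise signed with ISSUER's private key.
issue() {
  openssl ecparam -name prime256v1 -genkey -noout -out "$1.key"
  if [ -z "${4:-}" ]; then
    openssl req -x509 -new -key "$1.key" -subj "$2" -days 30 \
      -config pki.cnf -extensions "$3" -out "$1.pem"
  else
    openssl req -new -key "$1.key" -subj "$2" -config pki.cnf -out "$1.csr"
    openssl x509 -req -in "$1.csr" -CA "$4.pem" -CAkey "$4.key" -CAcreateserial \
      -days 30 -extfile pki.cnf -extensions "$3" -out "$1.pem" 2>/dev/null
  fi
}

# validate ANCHOR LEAF [INTERMEDIATE]: succeeds only if LEAF chains to ANCHOR.
# -no-CApath: do not also consult the default system certificate directory.
validate() {
  openssl verify -no-CApath -CAfile "$1" ${3:+-untrusted "$3"} "$2" >/dev/null 2>&1
}
verdict() { if validate "$@"; then echo trusted; else echo rejected; fi; }

issue root    "/CN=Example Root CA"    v3_ca
issue issuing "/CN=Example Issuing CA" v3_ca root
issue leaf    "/CN=device-01.example"  v3_ee issuing
issue other   "/CN=Unrelated Root CA"  v3_ca

echo "configured anchor:    $(verdict root.pem leaf.pem issuing.pem)"
echo "unrelated anchor:     $(verdict other.pem leaf.pem issuing.pem)"
echo "missing intermediate: $(verdict root.pem leaf.pem)"
```

In a production PKI the CA private keys that this script writes to disk would instead be generated and held inside an HSM.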


PKIs govern the issuance of digital certificates to protect sensitive data, provide unique digital identities and secure end-to-end communications. By using digital certificates, PKIs encrypt and decrypt to verify both user and machine identities in order to prove the integrity of digital transactions. The HSM is used to secure all cryptographic processes through generation, management and protection of keys used for encrypting and decrypting data.

Using public key encryption mechanisms, the HSM generates two keys that have a mathematical relationship such that a message enciphered with one of the keys can only be deciphered by the other and vice versa. One of these keys is kept private and the other made public. So why are HSMs important to the PKI and HSM security infrastructure?

HSMs provide the physical separation for cryptographic operations and key material. Their software and hardware are specifically dedicated to providing cryptographic operations, so they can be specifically optimised for that purpose. Also, HSMs perform cryptographic operations faster and with higher assurance than their software counterparts. For example, one of the key steps in generating public/private key pairs for certificates entails the generation of random numbers. HSMs have dedicated hardware specifically designed to generate those random numbers. Therefore, they can generate numbers that have greater entropy than would be the case if the hardware were not specifically designed for that purpose. Lastly, HSMs are standards-compliant computing devices. An example of a technical standard is Federal Information Processing Standard (FIPS) 140-2, a U.S. government standard covering the implementation and assurance of security mechanisms such as algorithms and tamper protection.

Ultra believes in this approach to cyber-security posture reinforcement. HSM solutions such as Ultra’s KeyperPlus offer the most modern security features for the management and storage of cryptographic keys, and to the highest level of security achievable.


 



 

 

Authors

Paul Hector


Business Development Manager, Ultra