netHSM from nCipher plc, the supplier of cryptographic IT security products, is a network-attached hardware security module (HSM) said to reduce the cost of deploying cryptographic products across an enterprise. netHSM is shareable, unlike HSMs that must be deployed on a one-to-one basis with individual servers.
The device allows multiple applications to access hardware-based encryption, decryption and signing functions via secure connections over IP networks. This centralizes administration and is said to lower deployment costs.
"If the key to the encryption is in the CPU of the process, the key is in generic server memory," says Richard Moulds, vice president of marketing with nCipher. "The threat is that someone can look in the memory space of those servers and lift out the key. That has become a practical proposition."
The HSMs contain the cryptography keys inside themselves, which has few interfaces.
The security properties of netHSM have been validated independently to the Federal Information Processing Standards (Fips) 140-2, level 3, a stringent standard. Processing performance has been tuned to handle multiple server and applications at up to 1,600 RSA operations/sec, based on 1,024-bit keys, including digital signing operations and SSL session initiation.
NetHSM supports software applications from leading security suppliers, including the major Web and application platforms, and commercial public key encryption software. NCipher's nShield and nForce dedicated HSMs can be integrated with the Security World key management architecture for flexible deployment combinations.
NetHSM is priced at $30,000 per unit, plus an incremental price of $5,000 per server needing support.
Asked if offering a shareable HSM was in effect cannibalizing the company's own business, Moulds says, "It's a double-edge sword but it's going to happen anyway. It's a natural evolution of the industry. There are certain circumstances where customers will use dedicated HSM, others where they will use shareable and others where they will use both."
nCipher Offers Shareable Hardware Security Module
