Most financial services providers have mandates to use the cloud for business and payment applications. However, migrating to cloud financial hardware security modules (HSMs) has historically seen hurdles such as regulatory compliance, cost concerns, and infrastructural complexity.

Despite these challenges, a financial cloud HSM is a worthy investment for organizations looking to achieve point-to-point encryption and streamline key management processes.

To learn more about the value of cloud financial HSMs in the payments space and what Futurex’s next-generation VirtuCrypt product will bring to the table, PaymentsJournal sat down with Ryan Smith, VP of Global Business Development at Futurex and Tim Sloane, VP of Payments Innovation at Mercator Advisory Group. 

PaymentsJournalThe Importance of Using a Financial Cloud HSM for Data SecurityPaymentsJournal The Importance of Using a Financial Cloud HSM for Data SecurityPaymentsJournaljQuery(document).ready(function ($){var settings_ap11460345 = { design_skin: "skin-wave" ,autoplay: "off",disable_volume:"default" ,loop:"off" ,cue: "on" ,embedded: "off" ,preload_method:"metadata" ,design_animateplaypause:"off" ,skinwave_dynamicwaves:"off" ,skinwave_enableSpectrum:"off" ,skinwave_enableReflect:"on",settings_backup_type:"full",playfrom:"default",soundcloud_apikey:"" ,skinwave_comments_enable:"off",settings_php_handler:window.ajaxurl,skinwave_wave_mode:"canvas",pcm_data_try_to_generate: "on","pcm_notice": "off","notice_no_media": "on",design_color_bg: "111111",design_color_highlight: "ef6b13",skinwave_wave_mode_canvas_waves_number: "3",skinwave_wave_mode_canvas_waves_padding: "1",skinwave_wave_mode_canvas_reflection_size: "0.25",skinwave_comments_playerid:"11460345",php_retriever:"https://www.paymentsjournal.com/wp-content/plugins/dzs-zoomsounds/soundcloudretriever.php" }; try{ dzsap_init(".ap_idx_88756_2",settings_ap11460345); }catch(err){ console.warn("cannot init player", err); } });

What is a hardware security module (HSM)?

The core functionality of a hardware security module revolves around encryption, which Futurex defines as “the process by which data is rendered indecipherable to all except authorized recipients.” Knowledge of encryption helps to decrypt, or convert data into its original form, making it crucial that encrypted data is stored in a secure environment such as a HSM to prevent unauthorized access.

HSMs create and store keys used for encrypted data. Encryption keys, or randomly generated values used to protect secure data, make encryption possible. Similar to a physical key, only those who have the key can unlock (or decrypt) the stored information. HSMs store the information and encrypted keys, and access is granted only to those who use the appropriate key.

Because basic encryption is baked into everything, it may appear that it is very simple. In reality, there are complexities with networks, deploying systems, and managing data in motion and at rest—all of which come with different access requirements. This makes the seemingly simple encryption process extremely complex when moving at scale. 

HSMs are key for performance and protection, and go far beyond traditional internet security. In the payments industry, HSMs focus on the cryptography and security of information regarding payment transactions. Banks, transaction processors, card issuers, retailers, and other organizations in the space utilize financial HSMs to ensure that transactions remain secure.

The role of the cloud in financial HSMs

Once a cloud computing environment is in play within an organization’s network,