Organizations trying to balance the risk of data breaches against the cost of implementing encryption solutions often balk at the tradeoff. Hardware security modules (HSMs) offer a root of trust for the applications that perform encryption, but cost considerations typically limit the scope of their deployment. This paper presents criteria to help organizations decide which applications or data would benefit most from hardware-based encryption and key protection as well as examples of successful implementations.
The following is a high-level checklist for deploying hardware-based encryption:
- Use risk analysis to drive the overall process of determining an appropriate solution.
- Calculate the TCO to make sure there are no hidden costs.
- Put together a detailed implementation plan to fully understand the complexities involved.