Cryptomathic Integration Enables HSM-as-a-Service at German Bank

Cryptomathic has completed a successful integration of its centralized HSM and cryptography management platform, Crypto Service Gateway (CSG), with the CyberArk Identity Security platform in a live setting at an unnamed tier-one German bank.

The integration substantially enhances the security and availability of the bank’s encryption keys during generation, storage, and key rotation. By enabling CyberArk keys to be centrally managed together with the bank’s other applications via CSG’s single interface, the bank has successfully lowered its total cost of ownership in cryptographic key management, centralized its cryptographic policy enforcement and increased the bank’s operational agility in key lifecycle management. 

CyberArk delivers a unified enterprise security platform that addresses a wide range of use-cases in which secure, privileged accounts, credentials and secrets are required. CyberArk solutions are widely used in financial institutions around the world to secure credentials such as passwords and SSH keys and to enforce privileged access controls to sensitive systems, applications and data.

Banks and other organizations operating in compliance-driven sectors must protect their secret key material in certified hardware environments. Commonly this has been accomplished via the direct integration of enterprise applications with Hardware Security Modules (HSMs) which require the secure generation and storage of encryption keys. As the use of encryption has propagated within the enterprise so too has the cost and management overhead of using dedicated HSMs, making the business of key lifecycle management fragmented, resource intensive and expensive. 

“By plugging their legacy and custom applications into Cryptomathic’s Crypto Service Gateway and embracing an HSM-as-a-Service model, banks can address the problems of HSM and key lifecycle management head-on,” comments Johannes Lintzen, Managing Director, Cryptomathic North America. “Without this service-based approach, HSM architectures can quickly become monolithic, with HSMs being under-utilized and, for the most part, running idle. CSG’s integration with CyberArk means that banks can port the lifecycle management of this major security provider into our centralized platform. We’re delighted to have successfully completed this integration at a tier-one German bank and are looking forward to bringing these efficiencies to other major institutions around the world.”

Cryptomathic CSG delivers unified key management and HSM-as-a-Service capabilities to ensure the secure generation, storage, and use of digital certificates as well as cryptographic keys. It provides instant access to a highly available and centrally managed cryptographic key service backed by a farm of FIPS-certified HSMs and is available as an on-prem installation.