What is a Credentials Management System?
To control access to sensitive data, organizations require user credentials. Deploying a sound credential management system—or several credential management systems—is critical to secure all systems and information. Authorities must be able to create and revoke credentials as customers and employees come and go or simply change roles, and as business processes and policies evolve. Furthermore, the rise of privacy regulations and other security mandates increases the need for organizations to demonstrate the ability to validate the identity of online consumers and internal privileged users.
Challenges Associated with Credential Management
- Attackers that can gain control of your credential management system can issue credentials that make them an insider, potentially with privileges to compromise systems undetected.
- Compromised credential management processes result in the need to re-issue credentials, which can be an expensive and time-consuming process.
- Credential validation rates can vary enormously and can easily outpace the performance characteristics of a credential management system, jeopardizing business continuity.
- Business application owners’ expectations around security and trust models are rising and can expose credential management as a weak link that may jeopardize compliance claims.
Hardware Security Modules (HSMs)
While it’s possible to deploy a credential management platform in a purely software-based system, this approach is inherently less secure. Token signing and encryption keys handled outside the cryptographic boundary of a certified HSM are significantly more vulnerable to attacks that could compromise the token signing and distribution process. HSMs are the only proven and auditable way to secure valuable cryptographic material and deliver FIPS-approved hardware protection.
HSMs enable your enterprise to:
- Secure token signing keys within carefully designed cryptographic boundaries, employing robust access control mechanisms with enforced separation of duties in order to ensure that keys are only used by authorized entities
- Ensure availability by using sophisticated key management, storage and redundancy features
- Deliver high performance to support increasingly demanding enterprise requirements for access to resources from different devices and locations