Managing Keys with Dedicated Hardware is Manual and Rigid
Hardware-dependent key management involves complicated, cumbersome, manual processes, especially when it comes to initial setup, maintenance, backup and similar tasks. As today’s digital business moves at the speed of the cloud, new requirements and new applications accelerate change and significantly shorten delivery schedules. This drives automation throughout the development cycle, which can be severely interrupted by key management operations that rely on physical hardware, such as Hardware Security Modules (HSMs).
When operations rely on hardware for their security, elasticity disappears. Peaks in demand require additional dedicated and costly hardware that must be shipped, installed and set up manually, well in advance. Moreover, high availability and disaster recovery further complicate the issue, requiring significant resources even for small deployments.
Agile, Automated and Secure Key Management
Unbound Key Control (UKC) is an elastic and flexible key management platform that supports both virtualized and non-virtualized environments. As a software-only solution, UKC requires minimal effort to set up, use and maintain in a variety of environments and application delivery models, including Docker and containers. All key management and user management operations are fully automated using the CLI or REST API, giving you the ability to scale up or down, create partitions and users, register clients and revoke keys immediately across your entire global infrastructure from a single pane of glass.
No dependency on underlying hardware and physical infrastructure
Supports all environments and app delivery models, including VMs and containers
Scale up and down instantly to support any level of capacity
REST API provides easy automation of initial setup and day-to-day management
Easy maintenance and automated updates
See how an eCommerce vendor scales up and down on-demand
A large eCommerce retailer is planning capacity for its website and preparing for peak events such as Cyber Monday, where website traffic is likely to grow by 40% or more compared to average days. Conscious of the severe threat of an SSL-certificate compromise, they use HSMs to secure their SSL certificate. Below is a comparison of the two capacity planning scenarios, one that uses HSMs and one that uses Unbound.
Hardware Security Module (HSM)
Because website unavailability means immediate business loss for the retailer, and the HSM setup cannot be scaled to respond to demand within a reasonable timeframe, the website setup must include a large HSM cluster with the capacity to support 200% of average day traffic. This leads to very poor infrastructure utilization. Moreover, if an unlikely event requires even more capacity, website availability will be impacted.
Unbound Key Control (UKC)
When using UKC to protect the SSL certificates, capacity planning is easy and inexpensive due to the elasticity created by abstraction of the hardware, without any compromise on security. UKC runs on standard VMs and containers, and is deployed and configured to scale up or down as needed, just like any other application. It scales up and down immediately, adjusting to the application's requirements in time.