Case Study

Partnering with a global financial services provider

A leading UK-based wealth management platform provider with global reach approached us wanting to ensure the security of their customers’ encryption keys. Encryption is the process by which data is encoded so that information is only accessible by authorised users; even if someone else were to gain access to it, they would not be able to read it.

The Problem

Data security is paramount for any business, but never more so than in the financial services sector, where an individual’s financial information and transactions need to be 100% safe and secure no matter what. What this Financial Technology (Fintech) provider needed, therefore, was for encryption keys to be stored in tamper-proof hardware that would prevent compromise and the decryption of highly sensitive data. The keys themselves are used to decrypt secure transactions between leading financial providers and their clientele.

The challenge was that our solution had to integrate seamlessly with the company’s existing technology. In addition, as their infrastructure included end-of-life hardware, we would have to replace it while maintaining a live and continuous service. This would mean migrating existing keys protected by an embedded FIPS module over to a general-purpose Hardware Security Module (HSM).

The task of building and configuring the HSM infrastructure during the Covid pandemic was particularly challenging given the geographical location of the hardware.

John Myers
Consultant, FullProxy

Our Solution

We needed to build a secure HSM infrastructure that would protect both the encryption keys and online services in order to secure customers’ personal and financial information from compromise, reuse or loss. Working closely with our client and their infrastructure team, we went through their network and security requirements.

From this, we developed a plan for the seamless transition from their existing hardware to the new hardware. As part of this, we chose the Entrust nShield HSM, which provides a hardened, tamper-resistant environment designed specifically to protect sensitive data. Available in three FIPS 140-2 certified forms, it performs vital cryptographic functions such as generating, managing and storing encryption keys, while at the same time carrying out sensitive functions within its protected boundaries.

This was complemented with F5 BIG-IP Local Traffic Manager, an Application Delivery Controller that enables you to optimally direct application traffic, selecting the right destination based on server performance, security, and availability. It also provides the power to scale, automate and customise application services faster and with more predictability.

The Results

Thanks to the creation of an in-depth plan followed by its careful execution, we provided an integrated state-of-the-art solution, using both F5 BIG-IP Local Traffic Managers and Entrust nShield general-purpose HSMs, on time and with no interruption to any services whatsoever during the swap-over. The new nationwide service now provides a secure and tamper-proof platform for the storage of encryption keys while not just meeting, but surpassing, important regulatory standards.

Migrating existing protected crypto keys from the F5 BIG-IP LTM to the HSM in a live environment was achieved seamlessly with no impact to customers.

Head of Technology Services

Products used

F5 BIG-IP Local Traffic Manager (LTM)
Entrust nShield Hardware Security Module (HSM)
© 2022 FullProxy Limited. All rights reserved.