Keeper of the Keys: Unbound Tech on Digital Security for Growing Fintechs

They might have their heads in the Cloud, but fintechs understand
that with digital expansion comes greater security needs. From
on-premise infrastructure and hardware security modules (HSMs) to
apps, managing security keys across a multitude of scenarios
can get expensive.

Here Michael Hughes, the Chief Business Officer
at Unbound Tech, explains the issues that fintechs
continue to face as businesses grow, and security concerns

The centralised management capability offered by the cloud,
while lucrative, is not always feasible or seamless when it
means abandoning years of tried-and-true hardware that may be under
consideration for obsolescence. So, what are IT managers up against
when they decide on a cloud shift that requires some existing
hardware to remain intact?

Several issues will surface, such as the time-consuming task of
maintaining multiple systems, implementing key management solutions
and creating multiple keys depending on the application
supported and the authentication path. Developers and solution
architects take on the biggest migration risk, because an
application that took painstaking work to develop once may
now have to be repeatedly refactored to ensure that keys work
anywhere, in any cloud, at any time.

Key management system concerns

Most cloud providers have a key management solution (KMS) that
delivers a segmented picture of cryptographic key logs and
usage reports, one that is inherent to their own cloud. This makes it
impossible for enterprises to manage their entire key arsenal in a
single place, with full visibility of cryptographic keys across
multiple sites, from on-premise to hybrid and multi-cloud. This
greatly impacts distributed enterprises and financial organisations,
which expose themselves to the most risk and to increased costs when
they do not fully consider the impact of a disparate infrastructure
when moving to the cloud.

Once an organisation begins to vet the potential risks and
considerations of its shift, many find it close to impossible to
manage their entire cryptographic arsenal across disparate sites
and multiple clouds, because the very applications
that they are looking to authenticate have been written to each cloud's
requirements. This greatly impacts the time to market of existing
and new applications that require keys to ensure proper security
policies are met, and could have drastic repercussions on the
organisation's ability to prevent cyber-attacks and data
leakage. So how does one implement a solution that accounts for
existing and new infrastructure, accelerates your financial
institution's time to market, and enforces the policy,
custody and security parameters you are required to meet?

Finding a secure solution

Over the years I have seen one too many banks come to Unbound
after investing months trying to implement a partial solution
to a major problem. Meeting the requirement that provides a single
pane of glass to their keys and digital assets on where they
are stored, how they are being used, who is using them, and
how they are being programmed is only a challenge that we
can meet with the superior security benchmark of enabling
multi-party computation (MPC).

In an on-premise environment the technology and where it is
housed is physically known and visible to the user. When it comes
to cloud management solutions, that control is abdicated and
trust can be easily impacted. Controlling crypto
keys should not be a leap of faith, but a gain in agility
and visibility of all assets, anywhere, any time.

Prior to Unbound, each HSM vendor would have their own
encryption library that, under the Public-Key
Cryptography Standards (PKCS #11), enforces how to
interact with different HSMs. With Unbound key store, the
trusted institution environment we have has a management layer
on top that communicates universally across any key
store to identify usage and misuse.

A cryptographic audit log provides the notion of
non-repudiation, showing how to use the key and for what
function. The concept itself assists development units to
manage an HSM portal and demand where it should be

All financial institutions need to make sure that they benefit
from a secure and agile cryptography platform, including quantum
encryption, centralized key management with BYOK or CYOK (control
your own key) support, as well as HSM and vHSM coexistence.
In today's day and age, when innovation, efficiency
and proven security that delivers long term confidence and
trust are a necessity, I understand why so many of
the world's largest banks have come to rely on
our platform.

You can learn more by
visiting Unbound directly.

The post
Keeper of the Keys: Unbound Tech on Digital Security for Growing
appeared first on The Fintech Times.