Case Study


Protecting vital data against cyber threats for a global financial services provider

A wealth management financial services provider responsible for 8,000 wealth management firms, which enable over 20 million people to invest approached FullProxy looking for a way to improve security for their customers’ encryption keys. There can be many security risks associated with compromised encryption keys, such as loss of data and system access, which can be detrimental to a financial services provider. Many organisations are unaware that a key has been hacked until the attacker takes advantage, which can make the cyber threat even more dangerous.

The Problem

The provider needed a way for encryption keys to be stored that would prevent outsiders from gaining access to extremely sensitive information. The keys are a way of decrypting secure transactions for financial institutions and their clients to prevent unauthorised access and data breaches. Finding a solution that can be integrated into a client’s existing technology infrastructure can often be challenging. With this provider, their infrastructure included end-of-life hardware, which needed to be replaced while ensuring the company could still operate. This meant, migrating existing keys protected by an embedded FIPS modules over to general-purpose Hardware Security Modules (HSMs).

The task of building and configuring the HSM infrastructure during the Covid pandemic was particularly challenging given the geographical location of the hardware.

John Myers
Consultant, FullProxy

Our Solution

Building a secure Hardware Security Module that would protect the encryption keys and online services was extremely important to secure the provider’s customers’ personal and financial data. To implement this, our Senior Consultant, started by working with the client’s infrastructure team to discuss their specific network and security requirements to develop a plan for transitioning from their existing hardware.

Selecting Entrust nShield the hardware security module provided a secure, tamper-resistant environment solution for performing vital cryptographic functions such as generating, managing, and storing encryption keys. This was made possible with F5 BIG-IP Local Traffic Manager, an Application Delivery Controller that enables organisations to optimally direct application traffic and selects the right destination based on server performance, security, and availability, with the added extra to be able to scale, automate, and customise application services faster with more predictability.

The Results

Using both F5 BIG-IP Local Traffic Managers and Entrust nShield general-purpose HSMs, FullProxy was able to provide a quick solution and implement it without disrupting the provider’s operations. The new nationwide service introduced by the global financial services provider is now using the secure platform to store encryption keys protecting authorised users against unwanted data breaches.

Migrating existing protected crypto keys from the F5 BIG-IP LTM to the HSM in a live environment was achieved seamlessly with no impact to customers.

Head of Technology Services

Products used

F5 BIG-IP Local Traffic Manager (LTM)
Entrust nShield Hardware Security Module (HSM)