A wealth management financial services provider responsible for 8,000 wealth management firms, which enable over 20 million people to invest approached FullProxy looking for a way to improve security for their customers’ encryption keys. There can be many security risks associated with compromised encryption keys, such as loss of data and system access, which can be detrimental to a financial services provider. Many organisations are unaware that a key has been hacked until the attacker takes advantage, which can make the cyber threat even more dangerous.
The provider needed a way for encryption keys to be stored that would prevent outsiders from gaining access to extremely sensitive information. The keys are a way of decrypting secure transactions for financial institutions and their clients to prevent unauthorised access and data breaches. Finding a solution that can be integrated into a client’s existing technology infrastructure can often be challenging. With this provider, their infrastructure included end-of-life hardware, which needed to be replaced while ensuring the company could still operate. This meant, migrating existing keys protected by an embedded FIPS modules over to general-purpose Hardware Security Modules (HSMs).
Building a secure Hardware Security Module that would protect the encryption keys and online services was extremely important to secure the provider’s customers’ personal and financial data. To implement this, our Senior Consultant, started by working with the client’s infrastructure team to discuss their specific network and security requirements to develop a plan for transitioning from their existing hardware.
Selecting Entrust nShield the hardware security module provided a secure, tamper-resistant environment solution for performing vital cryptographic functions such as generating, managing, and storing encryption keys. This was made possible with F5 BIG-IP Local Traffic Manager, an Application Delivery Controller that enables organisations to optimally direct application traffic and selects the right destination based on server performance, security, and availability, with the added extra to be able to scale, automate, and customise application services faster with more predictability.
Using both F5 BIG-IP Local Traffic Managers and Entrust nShield general-purpose HSMs, FullProxy was able to provide a quick solution and implement it without disrupting the provider’s operations. The new nationwide service introduced by the global financial services provider is now using the secure platform to store encryption keys protecting authorised users against unwanted data breaches.
Head of Technology Services