The Thales HSM integration allows credentials managed by Enterprise Random Password Manager™ (ERPM) to be encrypted and the encryption keys stored in a tamper-resistant hardware device and never exposed to the computer itself. This enables the keys to be more effectively managed and safely stored. Lieberman Software was the first commercial ISV to utilize Hardware Security Module (HSM) technology as a method for securing sensitive password data in a commercial off-the-shelf application.
The partnership with Thales provides Lieberman Software customers with the most secure method possible for storing local passwords utilized by every system in the enterprise. Given that the security of sensitive passwords is integral to the continued operation of an organization, the inclusion of an HSM option in these products is a significant security enhancement.
Hardware-Based Encryption of Privileged Passwords
Hardware based encryption key management is an industry best practice because it overcomes the inherent security weakness of using and managing keys in software. Thales nShield HSMs provides ERPM with a secure key management and encryption subsystem that is independently validated to FIPS 140-2 levels 2 and 3 and Common Criteria EAL 4+. This is a de-facto security benchmark for cryptographic processing and a mandatory requirement for many organizations.
The integration of Thales nShield HSMs with ERPM provides a tangible security benefit. Encryption is rapidly becoming a mainstream security tool and the use of it in the context of password management is an example of how it can protect critical assets. Privileged passwords and other high value account credentials are increasingly identified as a point of risk that requires management attention.
HSM technology has been utilized for years in the government, military, and intelligence industries to protect against the security flaws of conventional encryption software. Even when keys are encrypted, software debuggers can locate and access the decryption key, allowing critical data to be compromised. With an HSM, there is no record of keys stored in memory. Instead the keys are stored in a secure device, physically inside of a computer.
For Lieberman Software customers this means that the local administrator and root passwords generated by ERPM can be securely stored and protected against unauthorized access. ERPM can interface with any HSM developed by commercial third-parties or the intelligence community when a PKCS#11 interface library is provided.
For more information on how Lieberman Software’s HSM integration can help protect your enterprise, contact an account manager.