What are hardware security modules (HSM), why we need them and how they work.

You're doing an amazing job of making difficult concepts easier to understand for those of us just starting off our cyber careers. Many thanks.

dmfh

Again much appreciated your video! Just done my Security+ and I wish to learn so much more about HSM.

wowgingermobile

Very well presented, the perfect level of depth

justinclayton

It is what I'm looking for. Thank you

micael

This is phenomenal. I had the privilege of reading something similar, and it was absolutely phenomenal. "Mastering AWS: A Software Engineers Guide" by Nathan Vale

John-

This was exactly what I was looking for. Thanks.

QueLastima

Such a great explanation 👏👏👏 . There is no such series for this. It would be great if you could make one Azure Managed HSM and how to implement it using terraform

reya

Hi Adrian. Probably the best summary of how HSMs work from a high level. I currently perform staging/whitelisting of SQL Servers IP Addresses on nCipher RFS Servers. I understand the process pretty well, but, myself and other Engineers differ on how for instance, an nCipher HSM protects a SQL Server data encryption key (DEK). We are in meetings, and they all act like the SQL DEK is stored on the HSM. And my understanding in brief terms, goes like this: 1) SQL TDE DEK, is the key that encrypts the SQL Database file. 2) I stage the SQL Servers IP Addresses in both an HSM and RFS Config file (that the HSM will later call). 3) In order to integrate SQL Database Servers into nCipher HSM, they must first have the Entrust Security World software installed, and then the SQLEKM.dll I believe, via an Option Pack. 4) Once that's all setup, they will create some accounts, and an account that maps to the the SQLEKM.dll provider that's installed and setup on SQL Database. 5) ( THIS is where I need validation on how I think this truly works ): They will run some SQL queries to setup/create an Asymmetric Key, i.e. a call made to the SQLEKM Provider, which interfaces with the HSM. 6) The HSM Master key creates a KEK (Key Encryption Key) which is processed by the SQLEKM, and the KEK is used via the tdeLogin/tdeCredential while at the same time, being protected by the SQLEKM Provider in the Entrust (nShield or nCipher) HSM, to finally, encrypt the SQL TDE "DEK" or data encryption key, and hence, you have the HSM providing Key Management....Is my explanation somewhat close or am I off a bit? I really want to understand this process and be able to tell the guys at work, and per Entrusts documentation, that the TDEDEK Symmetric key is "created by the SQL Server and CANNOT be exported from the database, meaning it cannot be created or directly protected by the SQLEKM Provider (nShield or nCipher HSM). I'm hoping for a reply from you, and, am also hoping for more in-depth videos on Entrust (or other Vendor) HSMs and the in-depth ways the process truly works. Also interesting is it's use in PKI. That I would like to learn more as well. Thank you for your time!!

googlewalle

Amazing explanation thanks a million! One thing here how we should integrate it with KMIP?

itsredhwan

Great video! Which playlist should I watch to continue the HSM learning?

zebulongriggs

Hey Adrian I just wanted to let you know that you have added HSM Pictures in tech fundamentals learning aid in associate solution architect cource GitHub repository . I was a bit confused when I found it while going through the learning aids and instantly came here to know what HSM means

owendcunha

Lets say I want to store signing keys for the some tokens in HSM. Fist of all is this a good idea.? Second, if yes then does this not add latency to sign all tokens?

rohitshende

So what are some vulnerabilities to having a HSM?

johnmartin

how to make a data vault on top of HSM for storing credentials??

Rahul-lgnw