A hardware security module (HSM) is a physical device that provides extra security for sensitive data. This type of device is used to provision cryptographic keys for critical functions such as encryption, decryption and authentication for the use of applications, identities and databases. For example, businesses may use an HSM to secure trade secrets that have significant value by ensuring only authorized individuals can access the HSM to complete a cryptography key transaction.
The entire cryptography key lifecycle -- from provisioning, managing, and storing to disposing or archiving the keys -- occurs in the HSM. Digital signatures also may be captured via an HSM, and all access transactions are logged to create an audit trail. In this way, a hardware security module can assist businesses in moving sensitive information and processes from paper documentation to a digital format. Multiple HSMs may be used together to provide public key management without slowing down applications.
An HSM is hardened against tampering or damage and may be located in a physically secure area of a data center to prevent unauthorized contact. The module may be embedded in other hardware, connected to a server as part of a network, or used as a standalone device offline. Although some businesses keep hardware security modules on-premises, this aspect of security may also be outsourced to third-party data centers.