With encryption and Tokenization as enablers, innovations such as Contactless Payments, P2P transfers, and Digital Banking are already disrupting age-old practices and delivering compelling value to stakeholders across the transaction lifecycle. Futurex is enabling FinTechs and startups with securing consumer’s data and digital transactions through its on premise as well as on cloud hardware security modules (HSMs), which help in encryption, tokenization, and key management. SmartStateIndia had the opportunity to have an interaction with Ruchin Kumar, VP – South Asia, Futurex, who shared insights on how Futurex’s world-class HSM solutions are playing a key role for FinTechs and startups in securing the digital payment ecosystem.
Here’s an excerpt from the interaction:
Cyber threats to the Fintech industry / startups are a growing concern. What are some of the most pressing data security challenges faced by fintech companies in India?
It can be a challenge for organizations to keep up with cybersecurity threats as they evolve. Deploying cryptographic infrastructure is the best way to stay resilient against such threats. But first, organizations must find a cryptographic solution that both meets their security needs and is easy to deploy. This can lead to decisions about whether to deploy on-premises or in the cloud.
What are general purpose hardware security modules (HSMs) and what role does it play in ensuring security to sensitive information?
HSMs perform a vast range of cryptographic functions, from encryption to key management. The two major types of encryptions are for payments and general-purpose. A general-purpose HSM specializes in general-purpose encryption use cases, such as data protection. Data protection typically refers to encrypting databases, applications, and files. Organizations wishing to protect sensitive data in transit and at rest are well served by general-purpose HSMs.
HSMs, especially payment hardware security modules (HSMs), are extensively used by the retail banking industry. What are its use cases in the payment’s ecosystem?
Payment HSMs are the most important part of cryptographic infrastructure for organizations in the payments sector. They encrypt payment data so that acquiring banks can validate transactions; they authenticate cardholder data for issuing banks and card companies; they use symmetric keys to encrypt payment card numbers upon capture, and so much more. Payment HSMs encrypt and secure every part of the payment process across every economic sector.
Payment HSM as a service is finding acceptance among fintech companies. What are the advantages of cloud payment HSMs over on-premises HSMs?
On-premises and cloud payment HSMs have the same range of functionality, but they do offer slightly different advantages. An on-premises HSM offers more hands-on control, while a cloud HSM offers faster deployment time. Rather than purchasing an HSM, having it shipped to you, mounting it in an equipment rack and so forth, you simply acquire a license for a cloud HSM platform and can begin spinning up encryption functions. Cloud platforms such as Futurex’s VirtuCrypt cloud offers an OpEx financial model as opposed to CapEx, helping companies cut down on costs.
Despite benefits like enhanced ROI of data protection platforms, cloud payment HSM adoption in India is still at a nascent stage. What are the barriers to its adoption and how can we overcome them?
Aside from Futurex, there are not too many cloud payment HSM providers in India. Futurex operates data centers in Mumbai and Hyderabad to help Indian organizations comply with data localization policies, but some cloud providers don’t have this local approach.
According to experts, growing cloud adoption organizations may pose new / different sets of cyber security challenges. What is your advice to CIOs to address these challenges?
Cloud cryptography is based on physical hardware and offers the same functionality and security. Finding a cloud provider who is compliant with data localization policy can be one challenge for organizations. Effectively managing cloud infrastructure can be another—an administrator often has all kinds of permissions, roles, cloud HSMs, HSM clusters, cryptographic workflows, and applications to keep track of. When choosing a cloud solution, it’s important to make sure its interface, workflow, and management capabilities are a good fit. These are reasons why the Futurex team focused on the VirtuCrypt cloud platforms graphical user interface (GUI), building in design features like “one-click migration,” drag and drop HSM clusters, and user-defined automation parameters.
With cybercrime going up across the board it is not enough to pass PCI or local government audits. What additional measures would you recommend to prevent the additional cyber security threats and vulnerabilities of fintech companies?
In an emergency scenario, a malicious actor might gain access to an organization’s network. This can happen when internal security policies grow lax. This is when corollaries like cryptographic sprawl set in— the proliferation of unmanaged credentials, secrets, cryptographic solutions, and keys. As such, it’s a good idea to find a cryptography provider that can help you centralize and streamline your infrastructure, giving you the power to manage it effectively from a central location and platform. Doing so removes the vulnerabilities caused by cryptographic sprawl.
Another way to mitigate the risk of cyberattacks is to limit the vertical movement of attackers who gain access to your network by implementing enterprise-wide authentication. Establishing a certificate authority (CA) and public key infrastructure (PKI) helps make sure that only validated, trusted entities can access network resources.
Form your perspective, what are the top trends in cloud and data security that CIOs and CISOs should be prepared for in 2023.
Cloud adoption is on the rise worldwide. However, Futurex hasn’t led the industry for over 40 years simply by chasing trends. Our subject matter experts carefully anticipate emerging trends to help our customers stay ahead of the cryptographic curve. As cloud adoption increases, some organizations may also see cloud costs going up. As such, they’ll begin searching for cloud solutions that help them consolidate their cloud infrastructure to reduce costs. As always, Futurex will be there with a centralized solution.