The date of Entrust Bootcamp by Alfatec Group is approaching soon. It will provide a comprehensive technical perspective on Entrust HSM and Digital Security Solutions.
The central topics of the conference will be the news on the nShield HSM upgrade, "Secrets & Key Management" and „Identity and Access Management“ (IAM). The speakers will present in detail the various ways of implementation and the possibilities of using these solutions and platforms, such as encryption, digital signing, and key generation and protection.
Richard Palmer, Regional Sales Manager and Territory Manager of Entrust is one of our speakers and the expert on identity and security solutions which enable growth, protect assets, and build trust into every digital interaction. We asked Richard some important questions related this years Entrust Bootcamp!
What is an Entrust nShield HSM?
Richard Palmer: “An HSM is a Hardware Security Module. You can think of it as an electronic safe for keeping your keys safe. No one wants to leave their keys just laying around to be found so we store them in an electronic vault, an HSM”.
What are the responsibilities of HSM?
Richard Palmer: “Most people understand digital certificates and what they are used for electronically. So, we use keys to securely encrypt these certificates and then keep the keys safe. The HSM can manage the entire lifecycle of cryptographic keys. HSMs also can create and verify digital signatures. All-access transactions involving an HSM are logged to create an audit trail”.
Can you describe Identity and Access Management?
An Identity and Access Management (IAM) strategy is a system whose technology is responsible for managing the income of users or individuals who are part of a collective or, in this case, of a company.
Its primary function is to identify these users. Then, when their data is part of the system, a series of parameters are set that control how far they can have access within a company. This way, while some employees will be authorized to manage some data, others will be able to know a deeper level of business information.
What is an example of an IAM strategy?
Richard Palmer: “A good example is the requirement to verify a person’s ID to access or use data. For example, a bank wants to know if it is Richard accessing my bank account, not you impersonating me, but using more security than a One Time Password. A bank of course needs to make my experience as easy and comfortable as possible while providing the best security possible. So IAM is the way to find the best balance between the two”.
Without a robust IAM system to verify users’ identities, manage role and permission-based access, and secure sensitive data, a business leaves itself open to unauthorized access, data breaches, and even legal penalties. That is why is important to be informed about new trends and growing concerns businesses need to stay on top and develop and maintain effective IAM systems.
What are the trends in Identity and Access Management?
Passwordless login is probably the most notable trend right now. Companies have an ever-increasing number of systems all separate with different logins so the management of these is being more complex which exposes the company to more risk. This, combined with the ever-increasing threat from phishing, requires a more robust system for login. Using password-less technologies linked to biometrics provides and much higher level of security and control for accessing companies' systems.
We thank Richard for this important overview, and we are looking forward to hearing more on Entrust Bootcamp 2024.