This blog is part of the VTPP (VNET Threat Perception Platform) project, a three-year programme co-funded by the European Commission under the DIGITAL-ECCC-2022-CYBER-03 call. The project covers DDoS mitigation with FastNetMon, vulnerability scanning with OpenVAS, custom AI/ML detection plugins for Zeek, HSM-backed key management, RPKI validation and a Krill CA, and a full-scale deployment of Security Onion as the IDS/SIEM/NSM backbone.
Introduction
The digitalization of business processes, the migration of services to the cloud, and the ever-growing volume of sensitive data have given organizations enormous opportunities, but at the same time they have introduced new security risks. Cyberattacks have intensified dramatically in recent years, and today they are no longer a problem only for large technology companies or government institutions. Hospitals, banks, manufacturing companies, universities, cities, and small businesses are all becoming targets. Attackers focus primarily on high-value data, such as personal data, financial information, internal documents, and industrial know-how.
One of the biggest threats today is ransomware. This is a type of malicious software that, after breaching an organization’s infrastructure, encrypts data or entire systems and then demands a ransom to restore them. Modern ransomware groups, however, no longer operate as lone individuals. Today they are well-organized groups that leverage sophisticated tooling, automated attacks, and often a “Ransomware-as-a-Service” model, under which attackers can rent ready-made attack platforms.
The encryption of data is no longer the only major problem. Before encrypting, attackers often copy sensitive data and then threaten to publish it. As a result, the organization comes under twofold pressure: it needs to restore operations while also preventing the leak of sensitive information. In many cases this leads to enormous financial losses, reputational damage, and legal consequences associated with violating regulatory requirements.
For exactly this reason, HSM (Hardware Security Module) and KMS (Key Management System) technologies are increasingly being adopted in modern security architectures. These systems form the foundation of a secure cryptographic infrastructure and help organizations protect the most sensitive part of encryption: the cryptographic keys. Security experts often say that encryption is only as secure as the keys that protect it.
The Importance of Cryptography in Modern Security
Today, encryption represents one of the most important pillars of cybersecurity. It is used virtually everywhere: in communication over the internet, in banking systems, cloud services, databases, mobile applications, and in protecting backups. Its purpose is to ensure that an unauthorized person cannot access the data, even if a system is compromised or a data breach occurs.
Encryption alone, however, is not enough. If an attacker obtains the encryption keys, they can decrypt all protected information regardless of the strength of the algorithm used. In the past, organizations often protected stored cryptographic keys only in software, for example directly on a server or in an application database. Such an approach is inadequate today, because if the server is compromised, an attacker can obtain both the data and the keys at the same time.
Modern security therefore requires separating data from cryptographic secrets. Encryption keys must be stored in a separate, highly secured environment accessible only to a precisely defined set of systems and users. Beyond protection itself, what also matters is auditability, access control, regular key rotation, and the ability to monitor all cryptographic operations.
Traditional Approaches and Their Limitations
Many organizations still rely on basic software solutions for managing cryptographic keys. This primarily involves storing keys in configuration files, databases, or directly in applications. While this approach is simple and inexpensive, from a security standpoint it represents a significant risk. If an attacker compromises a server or gains administrator privileges, they can very easily obtain the encryption keys as well.
Another common problem is the lack of control over who works with the cryptographic keys and how. In many organizations, administrators have overly broad privileges, there is no detailed audit of operations, and a single person can perform sensitive actions without further approval. This significantly increases the risk of insider threats or privilege abuse.
Cloud platforms today do offer their own key management services, such as AWS KMS, Azure Key Vault, or Google Cloud KMS, but even these solutions are not a universal fit for every organization. For critical systems, military applications, or environments with stringent regulatory requirements, dependence on an external cloud provider, or insufficient physical control over the cryptographic infrastructure, can be problematic.
For this very reason, more and more organizations are turning to a combination of HSM and KMS technologies, which provide a significantly higher level of protection and make it possible to meet the strictest security standards.
What an HSM Is and Why It Matters So Much
A Hardware Security Module, or HSM for short, is a specialized hardware device designed for the secure generation, storage, and use of cryptographic keys. You can think of an HSM as a “vault for cryptographic secrets.” It is an isolated device whose primary purpose is to ensure that sensitive cryptographic operations are carried out in a protected environment, outside the regular operating system.
The greatest advantage of an HSM is that the cryptographic keys never leave the device in readable form. When an application needs to perform an operation, such as decryption or a digital signature, it sends a request to the HSM. The operation itself is performed inside the device, and the application receives only the result. This means that not even a server administrator, malware, or an attacker with root access can obtain the private keys.
HSM devices include multiple tamper-resistance mechanisms. If the device detects a physical tampering attempt, it can automatically erase the stored keys or lock itself down. Modern HSMs are also certified against strict security standards such as FIPS 140-3 or Common Criteria EAL. These certifications demonstrate that the device meets high security requirements and is resistant to both physical and logical attacks.
In practice, HSMs are used primarily in banking, military systems, PKI infrastructure, certificate authorities, healthcare, and in protecting a nation’s critical infrastructure. Without HSMs, secure payment systems, electronic signatures, and many government cryptographic services would not function today.
The Key Management System as the Hub of Cryptographic Infrastructure
While an HSM provides physical protection for cryptographic secrets, a KMS is a central system for managing the lifecycle of cryptographic keys. Its role is not only the secure storage of keys, but also their generation, distribution, rotation, archiving, revocation, and auditing.
A modern organization can have an enormous number of cryptographic keys. Every database, application, cloud service, VPN connection, and backup system may use its own encryption mechanisms. Without centralized management, the cryptographic infrastructure would become opaque and practically unmanageable.
A KMS makes it possible to define precise security policies, determine which systems can use specific keys, and monitor all cryptographic operations. Automatic key rotation is another significant feature. Organizations today often face the problem of using the same cryptographic keys for too long, which increases the risk of compromise. A KMS can automate this process and substantially reduce the likelihood of a security incident.
Auditability is another important property of a KMS. Every use of a key can be logged, including information about who performed the operation, from which system, and at what time. This is extremely important for the forensic analysis of security incidents and for demonstrating compliance with regulatory requirements.
How HSM and KMS Work Together: An Example with GNU/Linux Servers
To see how these technologies cooperate in practice, consider a fleet of GNU/Linux servers that use an HSM and KMS stack for both system and application authentication. The architecture is layered: the servers request cryptographic operations rather than the keys themselves, the KMS acts as the control and governance plane, and the HSM serves as the trust anchor where keys are generated and never released.
A server never holds the private key locally. When a host unlocks a LUKS-encrypted disk at boot, establishes an SSH host identity, terminates a TLS connection for an application, or signs a JWT, it issues a request through a standard interface, most commonly PKCS#11 (the API that PAM modules, OpenSSL, and TLS libraries talk to) or KMIP for networked key services.
The KMS sits in the middle as the control and governance plane. It decides whether a specific server and workload are allowed to use the requested key, enforces lifecycle rules such as automatic rotation and revocation, and records an audit entry for every operation. This is also where Separation of Duties and Dual Control are enforced, and it is the layer that produces the evidence trail NIS2, PCI-DSS, and ISO 27001 auditors require.
The HSM is the trust anchor. The KMS itself never sees raw key material; it delegates the actual signing or decryption to the HSM, where the keys remain inside the certified FIPS 140-3 boundary. The operation runs on the HSM’s internal cryptographic engine, and only the result travels back up. As a result, even if an attacker fully compromises a Linux server, gains root, or breaches the KMS host, the private keys themselves never existed in any of those places to be stolen. Each layer downward holds less and exposes less.
A Concrete Sequence: Signing a TLS Handshake
The following sequence traces a single TLS handshake to show exactly how a request moves through the stack and back. It illustrates the round-trip for one signing operation, from the application’s initial call to the completed session.
The application requests a signature over PKCS#11. The KMS first verifies that the host is authorized to use the key, then delegates the signing operation to the HSM using only a reference to the key, never the key itself. The HSM performs the signing internally, where the private key remains, and returns only the resulting signature. The KMS records an audit entry capturing who performed the operation, from which system, and at what time, and then passes the signature back to the application, which completes the handshake and establishes the TLS session. At no point does the private key cross any boundary; only the request and the resulting signature move between the layers.
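The round-trip above can be modelled in a few lines. This is an added example, not code from the VTPP project or from any HSM or KMS product: the class names, host names and key handle are hypothetical, HMAC-SHA256 stands in for the HSM's asymmetric signing engine, and denied requests are also written to the audit log.

```python
import hashlib
import hmac
import secrets
from datetime import datetime, timezone

class ToyHSM:
    """Trust anchor: key bytes are created and used here, never returned."""
    def __init__(self):
        self.__keys = {}  # handle -> key bytes (toy isolation, not a real boundary)

    def generate_key(self, handle):
        self.__keys[handle] = secrets.token_bytes(32)
        return handle  # the caller gets a reference only

    def sign(self, handle, data):
        # HMAC-SHA256 stands in for the HSM's asymmetric signing engine.
        return hmac.new(self.__keys[handle], data, hashlib.sha256).digest()

class ToyKMS:
    """Control plane: policy check, delegation by key reference, audit."""
    def __init__(self, hsm, policy):
        self._hsm = hsm
        self._policy = policy  # key handle -> hosts allowed to use it
        self.audit_log = []

    def sign(self, host, handle, data):
        allowed = host in self._policy.get(handle, set())
        self.audit_log.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "host": host, "key": handle, "op": "sign",
            "result": "allowed" if allowed else "denied",
        })
        if not allowed:
            raise PermissionError(f"{host} may not use {handle}")
        return self._hsm.sign(handle, data)  # only the handle goes down

def demo():
    hsm = ToyHSM()
    key = hsm.generate_key("tls-web-01")       # hypothetical key handle
    kms = ToyKMS(hsm, {key: {"web-01"}})       # hypothetical host names
    transcript = b"constructed handshake transcript"
    sig = kms.sign("web-01", key, transcript)  # authorized host
    try:
        kms.sign("db-07", key, transcript)     # host outside the policy
    except PermissionError:
        pass
    return sig, kms.audit_log

if __name__ == "__main__":
    print(demo())
```

The application side only ever handles the handle `tls-web-01`, the data to sign and the returned signature; the audit log holds one entry per request, including the refused one.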
Separation of Duties, Dual Control, and Split Knowledge
Modern security architectures are no longer based on technology alone, but also on properly configured processes. When working with cryptographic systems, principles such as Separation of Duties, Dual Control, and Split Knowledge are therefore frequently applied.
Separation of Duties means dividing authority among several administrators. For example, one person manages the infrastructure, a second handles security policies, and a third approves cryptographic operations. The goal is to prevent any single person from gaining full control over the entire system.
Dual Control requires that critical operations be approved by at least two authorized individuals. This principle is used, for example, when initializing an HSM, exporting keys, or restoring cryptographic systems after an incident.
Split Knowledge goes even further and ensures that no one person knows the complete cryptographic secret on their own. The secret is divided among multiple people, and using it requires the cooperation of several administrators. This model is often used in the military, banking, and government systems.
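Split Knowledge and Dual Control can be shown together in a short sketch. This is an added example, not part of the original post: it uses a simple XOR split in which every share is required, the custodian names and the `restore-hsm` operation are hypothetical, and the 32-byte secret is a constructed stand-in for real key material.

```python
import secrets

def split_secret(secret, custodians):
    """XOR n-of-n split: all shares are needed, fewer reveal nothing."""
    shares = [secrets.token_bytes(len(secret)) for _ in custodians[:-1]]
    last = secret
    for s in shares:
        last = bytes(a ^ b for a, b in zip(last, s))
    return dict(zip(custodians, shares + [last]))

def combine(shares):
    out = bytes(len(shares[0]))  # all-zero start value
    for s in shares:
        out = bytes(a ^ b for a, b in zip(out, s))
    return out

class DualControlOperation:
    """A critical operation that runs only after enough distinct approvals."""
    def __init__(self, name, approvers, required=2):
        self.name, self._required = name, required
        self._approvers, self._approved = set(approvers), set()

    def approve(self, person):
        if person not in self._approvers:
            raise PermissionError(f"{person} is not an authorized approver")
        self._approved.add(person)  # a set: approving twice counts once

    def execute(self, action):
        if len(self._approved) < self._required:
            raise PermissionError(f"{self.name}: needs {self._required} approvals")
        return action()

def demo():
    secret = secrets.token_bytes(32)  # constructed stand-in for a master secret
    people = ["alice", "bob", "carol"]  # hypothetical custodians
    shares = split_secret(secret, people)
    restore = DualControlOperation("restore-hsm", people)
    restore.approve("alice")
    restore.approve("alice")  # the same person again: still one approval
    try:
        restore.execute(lambda: combine(list(shares.values())))
        blocked = False
    except PermissionError:
        blocked = True
    restore.approve("bob")  # second distinct approver
    recovered = restore.execute(lambda: combine(list(shares.values())))
    return secret, shares, blocked, recovered
```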
HSM and KMS as Protection Against Ransomware
Ransomware groups today do not attack only production systems. Very often they also attempt to compromise backups, administrator accounts, or the cryptographic infrastructure itself. If an attacker obtains the encryption keys, they can gain access to sensitive data or undermine the organization’s ability to recover its systems after an attack.
The combination of HSM and KMS significantly increases an organization’s resilience against such attacks. Even if an attacker compromises a server or gains administrator privileges, the cryptographic keys remain isolated within the HSM device. At the same time, a KMS makes it possible to monitor key usage in detail and immediately identify suspicious operations.
The combination of HSM and KMS also plays an important role in protecting backups. Modern backup systems often use HSM and KMS to protect encryption keys, preventing attackers from accessing backed-up data even if the storage is compromised.
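The key-usage monitoring described above can be turned into a small detection pass over KMS audit records. This is an added example, not part of the original post: the JSON field names, hosts, key names, baseline and thresholds are all assumptions, and the log lines are constructed sample data.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records; the field names are assumptions for this example.
AUDIT_LINES = """
{"time":"2025-01-10T02:00:01+00:00","who":"svc-backup","host":"bkp-01","key":"backup-kek","op":"decrypt","result":"allowed"}
{"time":"2025-01-10T02:00:05+00:00","who":"svc-web","host":"web-01","key":"tls-web-01","op":"sign","result":"allowed"}
{"time":"2025-01-10T03:14:10+00:00","who":"root","host":"web-01","key":"backup-kek","op":"decrypt","result":"denied"}
{"time":"2025-01-10T03:15:00+00:00","who":"admin-x","host":"ws-22","key":"backup-kek","op":"decrypt","result":"allowed"}
{"time":"2025-01-10T03:15:10+00:00","who":"admin-x","host":"ws-22","key":"backup-kek","op":"decrypt","result":"allowed"}
{"time":"2025-01-10T03:15:20+00:00","who":"admin-x","host":"ws-22","key":"backup-kek","op":"decrypt","result":"allowed"}
""".strip().splitlines()

# Hypothetical baseline: which hosts normally use each key.
BASELINE = {"backup-kek": {"bkp-01"}, "tls-web-01": {"web-01"}}

def find_suspicious(lines, baseline, burst=3, window=timedelta(seconds=60)):
    """Return {(kind, key, host): first-seen time} for each distinct finding."""
    findings, recent = {}, defaultdict(list)
    for line in lines:
        e = json.loads(line)
        when, use = datetime.fromisoformat(e["time"]), (e["key"], e["host"])
        if e["result"] == "denied":
            # A refused request is itself a signal worth reviewing.
            findings.setdefault(("denied", *use), e["time"])
            continue
        if e["host"] not in baseline.get(e["key"], set()):
            # The key was used from a host that does not normally use it.
            findings.setdefault(("new-host", *use), e["time"])
        if e["op"] == "decrypt":
            # Sliding window of recent decrypts per (key, host) pair.
            recent[use] = [t for t in recent[use] if when - t <= window] + [when]
            if len(recent[use]) >= burst:
                findings.setdefault(("burst", *use), e["time"])
    return findings

if __name__ == "__main__":
    for finding, first_seen in find_suspicious(AUDIT_LINES, BASELINE).items():
        print(first_seen, *finding)
```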
Compliance with Regulations and the NIS2 Directive
The European NIS2 Directive significantly tightens cybersecurity requirements for organizations operating in critical sectors. Organizations must demonstrate the ability to manage risks, monitor security incidents, and protect sensitive data using modern security technologies.
HSM and KMS significantly help organizations meet these requirements. They provide a high level of auditability, secure management of cryptographic keys, and the ability to implement advanced security policies. In addition to NIS2, they help organizations achieve compliance with other standards as well, such as GDPR, PCI-DSS, ISO 27001, and NATO security requirements.
The Future of Cryptographic Security
Cybersecurity is constantly evolving, and cryptographic technologies are evolving along with it. In the future, even greater use of HSM and KMS systems is expected, particularly in combination with concepts such as Zero Trust Architecture, confidential computing, and post-quantum cryptography.
Preparing for quantum computers, which could threaten today’s cryptographic algorithms in the future, is another significant topic. HSM manufacturers are already working on support for post-quantum algorithms and on flexible cryptographic architectures capable of responding to new threats.
At the same time, organizations will increasingly automate the management of cryptographic processes and integrate security mechanisms directly into DevOps and cloud environments.
Conclusion
Protecting cryptographic keys is today one of the most important areas of modern cybersecurity. Encryption alone is no longer enough; organizations must also ensure the secure generation, storage, and management of cryptographic secrets.
HSM and KMS technologies provide a robust foundation for a security infrastructure capable of withstanding modern cyber threats, including ransomware and data breaches. An HSM provides physical protection of cryptographic keys at the highest level, while a KMS ensures centralized management, auditing, and automation of cryptographic processes.
In an era of growing regulatory requirements, digitalization, and increasingly sophisticated attacks, implementing HSM and KMS is becoming not just a technological advantage, but increasingly a necessity for organizations that want to operate securely in the digital world.

Views and opinions expressed are however those of the author(s) only and do not necessarily reflect those of the European Union or the European Cybersecurity Competence Centre. Neither the European Union nor the granting authority can be held responsible for them.
