Yubico, the leading provider of authentication and encryption hardware devices, has today unveiled the YubiHSM 2, a new, cost-effective Hardware Security Module (HSM) for servers and IoT gateways.
But the YubiHSM 2 is different to existing HSM devices in that it is an ultra-slim "nano" USB key that slots inside a USB port, doing away with the need for bulky additional hardware, and offers flexibility for offline key transfer or backup.
YubiHSM 2 features include:
- Secure Microsoft's Active Directory Certificate Services: YubiHSM 2 provides a cost-effective hardware-backed key to secure digital keys used in a Microsoft-based PKI implementation. Deploying YubiHSM 2 to Microsoft Active Directory Certificate Services not only guards the CA root keys but also protects all signing and verification services using the root key.
- Enhance Protection for Cryptographic Keys: YubiHSM 2 offers a compelling option for secure generation, storage and management of digital keys including essential capabilities to generate, write, sign, decrypt, hash, and wrap keys.
- Enable Hardware-Based Cryptographic Operations: YubiHSM 2 can be used as a comprehensive cryptographic toolbox for a wide range of open source and commercial applications. The most common use case is hardware-based digital signature generation and verification. The YubiHSM 2 features can be accessed through Yubico's Key Storage Provider (KSP) for industry-standard PKCS#11 or Microsoft's CNG, or via native Windows, Linux, and macOS libraries.
- 16 concurrent connections: Multiple applications can establish sessions with a YubiHSM to perform cryptographic operations. Sessions can be automatically terminated after inactivity or be long-lived to improve performance by eliminating session creation time.
- Remote Management: Easily manage multiple deployed YubiHSMs remotely for the entire enterprise -- eliminate on-call staff complexity and travel expense.
- "Nano" form factor, low-power usage: The "Nano" form factor allows the HSM to be inserted completely into a USB-A port so it's completely concealed -- no external parts that protrude out of the server back or front chassis. It uses minimal power, max of 30mA, for cost-savings on your power budget.
- Broad platform support: Linux, Windows, and macOS.
Additional features include optional network-sharing, role-based access controls, M of N wrap key backup and restore, tamper-evident audit logging, and extensive cryptographic capabilities (RSA, ECC, ECDSA (ed25519), SHA-2, and AES).
"It's estimated that 95 percent of all IT breaches happen when a user credential or server gets hacked. For years Yubico has been protecting user accounts from remote hijacking with our unphishable YubiKey authentication devices, but we knew that millions of servers storing sensitive data were still lacking physical security," said Stina Ehrensvard, CEO and Founder, Yubico. "It was important to us that we brought a solution to market that embodied the signature Yubico standards of high-security, convenience, and affordability. Now, with the addition of YubiHSM 2, we can enable critical server security for organizations worldwide -- regardless of size or budget."
Units are available for purchase from Yubico for $650.