Yubico, the provider of authentication and encryption hardware devices for the modern web, launched the YubiHSM 2, a new, cost-effective Hardware Security Module (HSM) for servers and IoT gateways. The product delivers the highest levels of security for cryptographic digital key generation, storage, and management, supporting an extensive range of enterprise environments and applications.
The YubiHSM 2 differs from traditional HSM models — historically limited in use by cost, size, and performance — by offering advanced digital key protection capabilities and benefits at a price within reach for all organizations. Delivered in an ultra-slim “nano” form factor, the YubiHSM 2 fits inside a USB port, eliminating the need for bulky additional hardware, and offers flexibility for offline key transfer or backup.
Essential security features, including hashing, asymmetric, and symmetric cryptography, are supported by the YubiHSM 2 to protect cryptographic keys while at rest or in use. These keys are most often used by certificate authorities, databases, code signing, and more, to secure critical applications, identities, and sensitive data in an enterprise. Furthermore, the integrity and privacy of commands and data in transit between the application and YubiHSM 2 are protected using a mutually authenticated, integrity and confidentiality-protected tunnel.
“It’s estimated that 95% of all IT breaches happen when a user credential or server gets hacked. For years Yubico has been protecting user accounts from remote hijacking with our unphishable YubiKey authentication devices, but we knew that millions of servers storing sensitive data were still lacking physical security,” said Stina Ehrensvard, CEO and founder, Yubico.
“It was important to us that we brought a solution to market that embodied the signature Yubico standards of high-security, convenience, and affordability. Now, with the addition of YubiHSM 2, we can enable critical server security for organisations worldwide — regardless of size or budget.”
Common use cases for the YubiHSM 2 include protecting cryptographic keys stored on servers used in data centres, cloud server infrastructures, manufacturing and industrial services.
Critical security benefits include:
- Secure Microsoft’s active directory certificate services – YubiHSM 2 provides a cost-effective hardware-backed key to secure digital keys used in a Microsoft-based PKI implementation. Deploying YubiHSM 2 to Microsoft Active Directory Certificate services not only guards the CA root keys but also protects all signing and verification services using the root key.
- Enhance protection for cryptographic keys – YubiHSM 2 offers a compelling option for secure generation, storage and management of digital keys including essential capabilities to generate, write, sign, decrypt, hash and wrap keys.
- Enable hardware-based cryptographic operations – YubiHSM 2 can be used as a comprehensive cryptographic toolbox for a wide range of open source and commercial applications. The most common use case being hardware-based digital signature generation and verification. The YubiHSM 2 features can be accessed through Yubico’s Key Storage Provider (KSP) for industry-standard PKCS#11 or Microsoft’s CNG , or via native Windows, Linux and macOS libraries.
Additional features include, optional network-sharing, role-based access controls, remote management, M of N wrap key backup and restore, tamper evident audit logging, concurrent connections (up to 16), and extensive cryptographic capabilities (RSA, ECC, ECDSA (ed25519), SHA-2, and AES).
For more information on the YubiHSM 2, click here. Units are available for purchase here for US $650 (€557.29). To learn more about Yubico and the company’s products and ecosystem, please visit the website.