Hardware Security Module Integrations

Your privileged credentials secure access to your most sensitive systems. But these powerful credentials can be compromised via shoulder surfing, key loggers, social engineering or similar attacks. To protect privileged accounts, an elevated level of security must be employed.

BeyondTrust Privileged Identity can utilize hardware based encryption to securely store high value credentials and protect them from unauthorized access.

PKCS #11 and FIPS 140-2 Security

Even when keys are encrypted, software debuggers can locate and access the decryption key, allowing critical data to be compromised.

BeyondTrust Privileged Identity stores current privileged passwords as an encrypted value in its database. It integrates with any PKCS #11 hardware device, and allows the HSM device to perform the cryptographic functions. The keys required to encrypt or decrypt the passwords are never stored in system memory, so there is no risk of software debuggers locating the keys and accessing the protected data.

Hardware-based encryption provides Privileged Identity with a secure key management and encryption subsystem independently validated to FIPS 140-2 levels 2 and 3, and Common Criteria EAL 4+.

Integrations with Leading HSM Products

This cross-platform privileged identity management solution integrates with Entrust nShield, Gemalto SafeNet, Ultimaco and other hardware security modules that interface with a PKCS#11 interface library.