global airline operations- hsmS AS CRITICAL INFRASTRUCTURE

OVERVIEW:
A large global airline understands that its PKI (Public Key Infrastructure) environment – and the HSMs (Hardware Security Modules) that protect keys and provide secure crypto operations – have become a core part of its operational infrastructure. No longer limited to simply website SSL encryption, PKI now protects the purchasing of tickets, generation of boarding passes, acceptance of payment for on-board food and beverages, and even registration of pilots to the cockpit of aircraft. Without bulletproof PKI, no one buys, and nothing flies.

Accutive was engaged by the airline as part of a full-scale review and replacement of its PKI stack and supporting hardware security modules after an audit discovered significant deficiencies with a non-trivial risk of outages. Such outages can disrupt world-wide operations and severely impact the business and its customers.

APPROACH:
The Accutive team worked to stabilize, upgrade, document and monitor the HSMs across the enterprise:

  • Full inventory of all hardware, installed firmware/software levels, and license usage
  • Modernized storage of password and hardware token storage to meet best practices and full audit trail generation
  • Replaced aging hardware, which included transferring key material and clients to new devices
  • Added new hardware in additional data centers for more robust availability
  • Documented, tested, and performed backup and disaster recovery operations
  • Recommended centralized inventory and operations management software for HSMs in all environments across multiple brands and data centers
  • Trained multiple airline personnel in the operation and support of HSMs
  • Provided standard operating procedures for all common maintenance and deployment tasks customized for the airline

RESULTS:

  • Complete and verified backup procedures means no more worry of losing HSM key material and the ability to operate the entire PKI stack
  • Secure and auditable storage for HSM access materials helps minimize risk of failing audits
  • Uniform deployment of HSM versions and licenses, combined with central inventory and monitoring, allows proactive deployment of additional capacity before it is required
  • Distribution of HSMs to multiple data centers across the continent, together with fully tested backup and disaster recovery operations, means no more worry about loss of business operations due to failed HSMs

TECHNOLOGIES USED: Thales / Gemalto Luna network and backup HSMs, client software, Crypto Command Center platform

SERVICES PROVIDED: Requirements and Design, Implementation, Documentation, Testing and Training

CLIENT AND INDUSTRY:  Airlines