Architecture & Design
HSM
A Hardware Security Module (HSM) is a physical computing device that safeguards and manages cryptographic keys within a tamper-resistant hardware environment. HSMs perform cryptographic operations (signing, encryption, key generation) without exposing private keys to the host system. They are used for root CA operations, payment processing (PCI-DSS requires HSMs for PIN verification), and code signing. Cloud HSMs (AWS CloudHSM, Azure Dedicated HSM) provide HSM capabilities without managing physical hardware.
Why it matters for your website
- Foundational principle in modern security — harder to retrofit than to build in from the start
- Reduces breach impact by limiting what attackers can access if they get in
- Required control in ISO 27001, NIST CSF, and most compliance frameworks