We installed Thales Luna HSM and generated the partitions to integrate with multiple databases like Mongo, Oracle, SQL, or MySQL, and transfer the keys from the databases to the HSM to secure these keys from compromising. Thales Luna HSM is working as a safe where we transfer and migrate keys from the database to Thales Luna HSM using CipherTrust Manager that connects with Thales Luna HSM. We also work on other projects such as digital signature.
Has strengthened data protection by encrypting existing keys and enabling multi-platform integration
What is our primary use case?
What is most valuable?
The most valuable capability for Thales Luna HSM is saving the keys, migrating and encrypting them by adding encryption above the encryption they are already encrypted with. Migrating the keys from the safe and from the databases is a huge processing task, and it works smoothly without any issues. Sometimes we face issues while integrating with new databases, but it almost works smoothly without any problems or challenges.
The data encryption capabilities of Thales Luna HSM improve data security for our customers by encrypting the keys that are already encrypted in the database with multiple algorithms such as RSA, MD5, and SHA.
Data encryption capabilities improve security by protecting the keys, migrating the keys to the HSM, and allowing us to take a backup from Thales Luna HSM or migrate the keys. By encrypting the keys that are already encrypted, it adds a new layer of security that can save the databases from being compromised if someone hacked it, as they will not find the keys. They will only find the database that is encrypted without any keys that can help them. They will not compromise the data and the keys in the same safe or in the same partition. This is the most valuable aspect of the HSM, specifically Thales Luna HSM, along with other capabilities such as digital signature functionality.
Thales Luna HSM integrates with multiple security platforms such as F5, Palo Alto, and SIM solutions such as any syslog server we are working with. SIM solutions work smoothly with it, and it can monitor the HSMs and check their performance easily. Anyone from the security team can check Thales Luna HSM's performance.
What needs improvement?
Thales Luna HSM can be improved by enhancing integration with databases because databases have multiple commands, but it works fine. If we have good knowledge of databases such as Mongo, SQL, or Oracle, it would be beneficial. Sometimes we face a few problems and challenges in integrating and migrating the keys to HSM, but troubleshooting is easy because it has steps to follow, and if we work through these steps one by one, it will surely work fine.
For how long have I used the solution?
We have been working with Thales Luna HSM for about two years.
What do I think about the stability of the solution?
Sometimes we face challenges with utilization, but it only happened for one or two customers, and the technical support helped us very well in these situations.
The HSM utilization was full at 100 percent, causing it to turn off and the applications to go down. We had to restore the most recent stable version for HSM and upgrade or downgrade it. We believe they solved these issues in the next firmware patches as we upgraded the HSM in this situation.
How are customer service and support?
We rate the technical support a seven out of ten.
We rated them a seven because they answer immediately when we are working on critical problems, but sometimes they are late in answering when it is low or moderate urgency, taking some time to respond in those situations.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup and deployment of Thales Luna HSM is very good, very smooth, and familiar for anyone, even juniors working for the first time. It will be easy for them, even in CLI, which is usually complicated, but it is familiar and good.
Which other solutions did I evaluate?
There is a competitor for Thales Luna HSM that mentioned their price is 50 percent less than Thales Luna HSM for a general-purpose HSM.
What other advice do I have?
The user interface is not an issue because Thales Luna HSM works on CLI, so there is no web interface. It is like any command line interface, and it works smoothly when we install the Thales Luna HSM client. We do not face any challenges or problems with it.
Pricing is all about the sales team and the management.
Thales Luna HSM has already improved the partition functionality.
We do not want to improve anything about the technical support. Our overall rating for this solution is ten out of ten.
Which deployment model are you using for this solution?
On-premises
