“Is this any good? Will it last?” Sometimes these questions are thrown directly at us, sometimes they are just written in our clients’ faces. In the end, everybody wants to know how we can guarantee not just the safety and security, but also the quality and reliability of our products.
So how do we ensure that our customers have the very best products in their data centers? In this blog, I will give you some insight into how we control the quality and security of our products – all the way from manufacturing to putting them into operation in our customer’s data centers.
To the surprise of many, we manufacture our products in Switzerland. Building our Hardware Security Modules (HSMs) in Switzerland has many advantages. We can supervise production personally and step in in real time. Communication is simple and clear because we have the same culture and mindset as our manufacturers. In addition to that, Swiss manufacturing is recognized as being the best in the world. Of course, the exception to that rule is when you’re in Germany, where they claim it’s only almost as good as their own. Either way, Swiss Made has a potent ring to it worldwide.
Securosys’ physical HSM boxes are built by our contract manufacturers GPV and Enics at two different locations in Switzerland. They operate assembly lines similar to those run by the Flextronics of the world, just at a smaller scale. Since almost everything is automated, our manufacturing costs are only slightly higher than they’d be in Taiwan or Shenzhen. However, our reaction time to get to the production lines is measured in hours instead of days, which is a big benefit.
Manufacturing in Switzerland may be slightly costlier, but the advantages are plentiful.
After an HSM has been completely assembled, it is checked with special testing software to confirm that all the components work as specified. Our production partners then run the HSM in a special oven for the so-called “burn-in”, a temperature-accelerated aging process. There, all components are exposed to stress during several low-to-high temperature cycles. Any failures are sent back to the manufacturing line.
The units that pass the testing procedure are shipped to Securosys headquarters in Zurich. Here, every box is opened up again and partly disassembled. We want to ensure no unwanted components were added during transport. To document this, we take a picture of each unit’s circuit board.
Even when not connected to a power supply, the Securosys Primus HSMs constantly check for manipulation and tampering.
The latest firmware and software versions are only uploaded after the box has passed this inspection. A Lithium battery, which will last for over ten years, is added and the HSM is activated. A digital seal is generated by the HSM’s own true random number generators. It is stored internally and also sent to the customer on a secure channel. Thanks to the long-lasting Lithium battery, the HSMs run a supervisory system that checks for tampering even when they aren’t plugged in. Should any kind of manipulation occur, the internal digital seal will be erased. The customer can verify the presence of the digital seal when starting up the HSM. In a nutshell, any attempt to open the HSM and manipulate it during transport or storage is noticed right away and reported for the unit’s operator.
Before sending the box to our customer, we perform yet another test to further increase its reliability. Each HSM is run at maximum performance for two to three days while located on a special rack. Like the “burn-in”, this “run-in” process helps us find weak spots that may have been left over from manufacturing. After going through this procedure successfully, all units are expected to have the capacity to run for many years, way beyond the warranty expiration date.
Before sending a HSM to our customers, each box is exposed to greater stress than anything it would be expected to endure during its actual lifetime operation.
HSMs have to fulfill the highest security requirements. These include FIPS as well as Common Criteria validations and certifications. In addition, buyers often want to perform their own review of the source code and blueprints – something that Securosys, as opposed to others in this industry, offers to its customers.
HSMs don’t just have to attain the highest security available – they also have to reach the best possible reliability. Nobody wants to be forced to constantly swap out their security equipment. HSMs are enterprise products. That’s why at Securosys, we go way beyond the typical standards and procedures used for electronics!