Considering outsourcing your Payment HSMs?
At MYHSM, we’ve devised a way for organisations that require Payment HSMs to offload their management, and the associated PCI PIN compliance burden, onto us, whilst saving the organisation lots of money along the way. But the fact is, the underlying importance of Payment HSMs as part of an organisation’s critical infrastructure, and their fundamental impact on a company’s operation and growth plans, tends to be overlooked and misunderstood, often written off as a necessary cost with no alternatives available.
So how can businesses offload something they haven’t even fully got to grips with? And what are the benefits of outsourcing the payment HSMs and working with a partner who will provide these as part of a full end-to-end managed service?
Well, we’re here to explain what this means, and whether it could work for you.
What is a managed service?
A managed service, like almost any service you outsource, is like gaining an entire department for your business without having any of the responsibility. Essentially, if you outsource your IT, or a specific piece of IT infrastructure or a business service, you’ll gain a department to take over and improve daily management tasks, with the option of scaling the service up or down. The same can apply to a range of internal processes and functions.
Outsourcing specific functions may be quite common in industry today. But if you are a payments business such as a FinTech, bank or PSP that needs Payment HSMs to comply with industry standards, have you ever considered outsourcing your Payment HSM estate?
What are the benefits of a MYHSM managed service?
Typically, the first significant benefit that comes to mind when thinking about a Fully Managed Service for Payment HSMs is that you no longer have to fork out the capital expenditure to buy and maintain your physical devices along with the secure data centre infrastructure where they are deployed, not to mention the costs of the staff required to manage them and the overhead of maintaining your PCI PIN compliance. With a subscription service, however, you simply pay a small monthly fee which is linked to your usage levels. Other equally important benefits include:
- Reassurance that this mission-critical function of your business is deployed in the safest possible data centre platform in the world. Equinix have invested more than $22Bn in capital since 2010 on their interconnected data centres, much more than even the biggest banks in the world could afford.
- Improved risk management with increased resilience. The service provides access to shared or dedicated groups of Payment HSMs across multiple Equinix data centres, minimising service disruptions and delivering 99.999% availability.
- An efficient means of staying up-to-date with the latest Payment HSM models and their firmware and patches. MYHSM currently uses Thales PayShield 10Ks.
- Gaining access to specialised industry skills to set up, maintain and monitor this mission-critical payment infrastructure.
- Achieving greater productivity since it enables you to focus your resources and efforts on other key areas of your business.
- A flexible and dynamic model which can scale to your organisation’s needs.
- A short deployment time in days rather than months.
- An online customer portal to provide peace of mind and full visibility of service performance and usage, as well as significantly increasing the efficiency around key management and key exchange processes and their logistics.
As well as this, with the MYHSM managed service your PCI PIN responsibilities are significantly reduced. MYHSM PCI PIN compliance is maintained and recertified every 24 months, and an Attestation of Compliance and other relevant documentation are available to your auditors for your own overall certification.
How do I know if a managed Payment HSM service is right for my business?
Essentially, using a managed service makes everyone’s job easier as it allows people to focus on their core tasks rather than being distracted by extraneous issues. That distraction can occur when resources are stretched, meaning that certain tasks don’t have an allocated department or staff member/s to give them the attention they merit. But when the security and performance needs of those tasks are critical to the organisation, they end up eating into other people’s time and thereby taking away from what they can achieve within their own dedicated roles.
However, working with a Payment HSM managed service provider can ensure those needs are taken care of, while saving companies the cost of the department they would usually need to dedicate to them. Not only this, but as managed services can be scaled up or down according to need, they tend to be much more cost-effective than running the services internally.
In essence, a managed service should be considered when particular processes, infrastructure and people, like those associated with Payment HSMs, are expensive to maintain but don’t necessarily provide any competitive advantage.