Case Study: Securing Mail Transactions in Any Form

Encrypting information and keys in hardware

What’s the best way to secure sensitive customer data?

That’s the question faced by Royal Mail, Britain’s postal service. Like other post offices around the world, Royal Mail offers its customers a number of services via its Web site, such as the ability to check postal codes online, track mail and parcels, and pay bills. Later this year, it plans to launch a stamp-printing service so users can print stamps, via the Web site, directly onto envelopes.

As with any customer-facing organization, keeping customer data—including credit card numbers and bank information—secure isn’t just a concern. It’s mandatory for getting repeat business.

While Royal Mail doesn’t have to meet any data privacy regulations—at least not yet—there are other mandates to worry about. “We are very aware of the European Union’s Data Privacy Directive, and are trying to stay ahead of the game,” says Martin Roe, security and integrity manager for Royal Mail eBusiness. The directive, which covers EU member states, aims for transparency in information collection. While it’s up to individual countries to translate the directive into laws, it stipulates careful handling of private information, mandates individuals consent to each piece of personal information collected from them, and that any data transferred to a non-EU country must be similarly protected.

Royal Mail also has consumer opinion to consider. Today, according to surveys, “Royal Mail is consistently in the top three brands for trust in the UK, and we want to ensure that this trust remains for our online presence,” says Roe. Theft of Web site information could weaken consumers’ view of the overall establishment.

So Royal Mail decided it needed to store and retrieve confidential customer information and ensure it was never saved in clear-text format. “A specific driver was the requirement to store credit card data online for subscription services. We felt that full encryption was the best way to ensure this was secured,” says Roe.

Roe evaluated a number of products, though he declines to name them. Some offered software-based encryption, but he demurred. “We considered deploying software-based encryption products, but when it became clear that the security of the encryption keys could not be guaranteed, we decided to adopt a more secure approach and establish a tamper-resistant, hardware-based security environment.”

Roe ultimately selected nCipher’s nShield, which uses hardware security modules (HSMs) to handle encryption and decryption of sensitive information. Royal Mail also used the Ciphertools development kit from nCipher to customize its nShield installation. Now HSMs handle any sensitive information passed back and forth from application server to back-end database, decrypting it as necessary or encrypting it for storage.

Taking the time to understand the product, its capabilities, and where it fits into enterprise systems is a must for security managers considering this type of technology, notes Roe. After he came up to speed on how the product worked, though, he says the rollout went very smoothly. It was “on time, on budget,” he says, noting the vendor responded quickly to questions. nCipher is “probably the most supportive organization I have worked with for quite some time.”

Today the hardware supports Royal Mail’s Web site, which averages more than three million visitors per day. “[The nCipher product] runs quite happily performing the job we bought it for—it’s easy to forget that it’s there sometimes,” Roe observes.

One feature he would like, however, is an extension of Ciphertools to Java. “We would like the internal programming language extended for Java programmers, as we are a Java shop,” he notes. Still, “it’s not too much of an issue, as we have a separate development path for secure code. It would be nice, however, to not have to have a developer with specialist skills.”

In the future, Roe plans to secure more data using the product. “Now that we have the capability, we will be extending encryption to other sensitive data, particularly when this is of a personal nature. We are aiming to ensure that all data passed into our care is encrypted.”

Related Story:

Sharing Hardware Cryptography No Longer Enough

About the Author

Mathew Schwartz is a Contributing Editor for Enterprise Systems and is its Security Strategies column, as well as being a long-time contributor to the company's print publications. Mr. Schwartz is also a security and technology freelance writer.