Comment Re:What happened to certificate stapling? (Score 1) 233
Well, for one thing, your HSMs are never anywhere near a network, so there's no possible way to back door into them without gaining physical access. Then it's just a matter of making sure they stay physically secure.
Unless the "back door" is something like reducing the randomness of key generation, or leaking bits in IVs, or... and many HSMs that serve on-line systems are on networks. They should be as isolated as possible, and of course well-secured physically, but nothing is perfect, employees with physical access can be bribed or coerced, etc.
If you assume your opponent has the resources of a major government agency, and may have colluded with your vendors, securing your data is a really, really hard problem. It's not impossible if you have the resources, but it's far from easy.