The present disclosure in some embodiments provides a security system using both key management service (KMS) and a hardware security module (HSM), and a method of operating the security system. At least one embodiment provides a security system including an HSM, a bootstrapping enclave, and one or more KMS enclaves. The HSM is configured to generate, replace or remove a root key, the HSM being physically independent. The bootstrapping enclave is configured to receive the root key from the HSM. The one or more KMSs are configured to perform an attestation procedure with the bootstrapping enclave, to receive the root key from the bootstrapping enclave, and to utilize the root key for establishing a secure channel with the HSM.