In this episode of the Futurum Tech Webcast – Interview Series, we tackle the topic of why hardware security module (HSM) adapter technology, including HSM-as-a-service, is vital to ensuring general purpose and payment processing security across today’s multi-cloud environments. Marvell’s introduction of its LiquidSecurity 2 (LS2) solution builds upon the company’s well-established portfolio which is already proven at scale throughout the world’s largest hyperscale clouds. The new Marvell LS2 is designed to empower hyperscalers and cloud providers to develop HSM-as-a-service for secure key management, authentication, and encryption across a wide array of industry verticals.
My guest today is Amer Haider, VP Product Management Security Solutions Business Unit at Marvell Technologies, a top-tier semiconductor company. Amer is a new guest on this show, and shrewdly shares his insights and perspective on the direction of the HSM market segment and its vital role across multi-cloud environments.
For the foundation of our discussion, we addressed what HSM technology is, its origins, and why it provides essential encryption, key management, and authentication capabilities throughout today’s hyperscaler networks. From our perspective, HSM implementations are moving beyond on-premise implementations to hyperscaler and hybrid clouds.
Today, Marvell’s LS2 solution offers high-performing cryptographic acceleration and processing, FIPS certification, including hardware-secured storage of up to one million encryption keys for Advanced Encryption Standard (AES), RSA, and elliptic curve cryptography (ECC) encryption, and 45 partitions, which are key to enabling robust multi-tenant use cases and boosting HSM adoption across multi-cloud environments.
Our conversation focused on the following:
- The invention of HSMs by Dr. Mohamed Atalla in 1972 and why HSMs are more secure than software, especially in keeping your keys safe.
- The biggest users of HSMs, especially banks, which use them for credit card purchases to ensure secure transactions, including user and merchant information.
- The challenges involved in broadening the adoption of HSMs including considerations such as encryption inertia (taking security for granted), costs of legacy on-premise implementations, and regulations related to data breaches.
- How Marvell’s taking HSM to the cloud, i.e., HSMaaS, benefits the entire security ecosystem by lowering costs, expanding the market to include more SMB encryption support, and giving cloud service providers new revenue streams.
- How the Marvell LS2 solution builds on the success of the initial LiquidSecurity portfolio by providing advances such as delivering up to 120K ECC operations per second, a tenfold increase in keys supported, and substantially lower costs per key stored and per partition.
- How Marvell takes advantage of improvements in processing power to ease HSM adoption in clouds and key use case examples of how decision makers are using new LS2 capabilities to make the world a more secure place.
Disclaimer: The Futurum Tech Webcast is for information and entertainment purposes only. Over the course of this webcast, we may talk about companies that are publicly traded and we may even reference that fact and their equity share price, but please do not take anything that we say as a recommendation about what you should do with your investment dollars. We are not investment advisors and we do not ask that you treat us as such.
Ron Westfall: Hey everybody. Welcome to another episode of the Futurum Tech Webcast. I’m your host, Ron Westfall, research director and senior analyst at Futurum Research and we’re truly excited about this one as we have Amer Haider from Marvell today. And we’re going to talk about a truly hot topic, and that is security. As security dominated the high headlines this summer, in fact, so much so that we can call the summer of 2022, the summer of security. And so I believe we have excellent timing. And with that, Amer, tell us about yourself, your background and your role at Marvell.
Amer Haider: Hi Ron. It’s really a pleasure to be on the episode today. I started my career at Cavium. Cavium was a company that was founded way back in 2001 as a security processor company. Cavium was acquired by Marvell, but before it got acquired, I had left Cavium and now I’m very excited to be back at Marvell running the security business unit.
Ron Westfall: That’s great, and it’s wonderful to have you on today, and that’s especially because we’re shining the spotlight on one key aspect of security, and that is the hardware security module, also known as HSM. And with that, what is HSM and why is it so important to the security ecosystem?
Amer Haider: HSM stands for hardware security module. HSMs were created way back in 1972 by Mohamed Atalla. Mohamed figured that the security of encryption is dependent on protecting the encryption key. If the encryption key is lost, the security is lost. So Mohamed created this concept of a box of keys, which was of course later named HSM, hardware security module. And this has become such a popular way to protect encryption keys that the US Government created a standard around this called FIPS 140, and now it has different versions. The latest version was FIPS 140-2, which has just been retired. And now there’s FIPS 140-3, which will be the new government standard for protecting encryption keys in hardware. Again, that’s called a hardware security module.
Ron Westfall: I imagine banks would be the heavy users of HSM, particularly, for example, credit card processing, something that most people use on a daily basis, and they don’t realize that HSM is playing a vital role in protecting those credit card transactions. And so that brings up a big question. If it’s so vital and important, how come there’s not broader adoption of HSM? What are some of the concerns and issues in terms of getting HSM to a broader implementation?
Amer Haider: What a great question. I’d like to use another analogy here regarding regulation. For example, until 1968, seat belts were not required by law, but they were still a great idea. You can watch some old movies and you’ll see young kids hanging out in the front seat of a car with no seat belt. Forget airbags. Not until 1968, when the government mandated that everyone needs to wear a seat belt, did it become widely used. Now today, HSMs are only regulated or required in certain markets. For example, certain government applications and the payment industry. But we see regulation coming that will expand the requirement of using HSMs in more markets. That’s number one that we see HSMs are going to be more broadly used. The second trend that we see here is that HSMs were quite difficult to use. Let me go back to that analogy of putting your password on a Post-it and putting it on your computer. That’s the easiest thing to do. Just put your password right there in front of the computer. Everyone can come and use it, but it doesn’t add security.
Now imagine taking that Post-it and putting it in a safe. That’s quite more difficult. You actually have to go to the safe, you have to enter a PIN to open the safe, and you have to look at it and you have to put it back in. That was how HSMs were used in the enterprise. You had to buy a separate appliance. You had to maybe buy multiple appliances to provide high availability, and then you needed to have detail expert staff to implement, operate, and manage those HSMs. And it was quite expensive. And each of these HSMs could cost 40, $50,000.
Now, there’s a huge trend in the HSM market. You can use an HSM in the cloud, and any developer with just a couple API calls can store their application encryption key right into the HSM for just a couple of dollars an hour. That’s a huge shift. The second trend is using cloud HSMs or HSMs as a service to provide convenience. And so the two trends I talked about to just recap, first is regulation and requirement. That’s how we see HSMs growing. And the second is the convenience. So you’ll see more applications using HSMs, which previously are not regulated by industry or by the government, but want to go towards the best practice because it is more convenient and easier.
Ron Westfall: Makes sense, Amer. In fact, I think it really brings up the opportunity to talk about, these are real challenges and they’re being addressed and the cloud is playing an integral role in that. And so naturally we are wondering what does Marvell bring to the table to help this along? How does Marvell enable customers to optimize the cloud in order to make their HSM capabilities all the more powerful?
Amer Haider: HSM as a service is being offered by pretty much all the major cloud providers. Amazon, Google, Oracle, Microsoft and others are offering cloud or HSMs as a service in the cloud. And so to create that service, what the cloud and the hyperscalers need, are high performance processing HSMs with virtualization and secure partitioning because they need to take one HSM, slice it into multiple HSMs, and then sell or resell each HSM as a service with metering. This is what’s happened in the compute and storage space. Today if you want to go and get a server, no one buys a server, you just go to the cloud and say, “I want a portion of a server, or I want the entire server dedicated to myself,” and you pay for that. So similarly, to offer HSM as a service, the cloud providers needed this high performance virtualized HSM, and that is what Marvell has brought to the market. We were the industry setting standard for providing HSMs with multiple partitions and high performance encryption that has allowed hyperscalers and cloud providers to build HSMs as a service.
Ron Westfall: That’s, I think, vital. I think that’s really bringing to the forefront why HSM capabilities are vital to enabling security on any level. And so with that in mind, please provide those other classes of example, Amer.
Amer Haider: Another one would be an example of enterprises protecting their own internal data. So for example, enterprises need to protect or secure their own data from either internal threats or external threats. And to do that, they need to protect the keys that encrypt the data. Now, where do they keep these keys? I mentioned earlier, some practices say you just keep the keys in the database, or you’ll keep the keys in some type of software application, but that’s not the gold standard for protecting your encryption keys. The gold standard is you take those keys and you create them inside the HSM so they never leave the hardware security module boundary or security boundary. And in some cases, the key actually never leaves the HSM. You send data to the HSM, encrypt, decrypt there inside the HSM, and then that way the key can never be compromised because it never leaves the security boundary.
So that’s another way where enterprises will use HSMs to increase their level of security by keeping the keys inside the HSM boundary. Another area that is actually regulated by industry is the banking and the credit card transaction area. In credit card transaction processing, HSMs are required to process every swipe or every purchase you’re making, or every credit card that’s being issued will be issued through an HSM. So that’s an entire industry that uses HSMs. Now, these HSMs, like I mentioned, were previously used on-prem, but we see a massive transition moving to the cloud with more and more applications being hosted in the cloud. It’s just natural that they’ll be using HSMs in the cloud as opposed to keeping them on-prem.
Ron Westfall: Yeah, the cloud, that’s definitely going to be instrumental in being able to take advantage of these HSM capabilities. In fact, what are the technical requirements to enable HSM on the cloud on an optimized basis? What is Marvell bringing solution wise to enable customers to really take advantage of HSM as a service across the cloud environments?
Amer Haider: Ron, to enable the cloud and HSM as a service, Marvell provides the industry leading PCI adapters. These are PCI Express cards that are NIST FIPS certified and that can be plugged into servers. The PCI Express card provides the best performance per dollar, performance per watt, and performance density available in the market, along with a software development kit that enables hyperscalers and enterprises to build an HSM as a service for their external and internal users.
Ron Westfall: So Amer, you mentioned internal customers and external customers. What does that entail? What are these different types of environments that you’re referring to?
Amer Haider: Ron, thanks for asking that question. There are hyperscalers that are building HSM as a service for the public cloud. So that means any developer can connect to one of the hyperscaler cloud services and start using an HSM. That’s what I mean by external customers. Now, there are many enterprises that want to create a private cloud with HSMs and offer HSM as a service to their internal customers.
For example, a large social site that wants to generate keys for their internal consumption and store encryption keys for their internal consumption. Those are the folks I call internal customers. But again, it’s the same process that, for example, a large bank would want to create an internal HSM as a service that’s going to service their internal customers for folks who are maybe issuing credit cards or doing credit card provisioning or transaction processing. That would be an internal customer versus an external customer.
Ron Westfall: And that sets up my next question. There is this exciting announcement coming out from Marvell about LiquidSecurity 2. What is this about? What can folks expect from this announcement?
Amer Haider: We’re really excited about launching our brand new LiquidSecurity 2 HSM family. Our existing product family called LiquidSecurity 1, was announced over four years ago. So you can imagine with this new processor family, we’ve improved the performance and performance density by leaps and bounds. Our asymmetric encryption performance has improved by 10 X over LS1 for elliptical curve cryptography, and we’ve improved our bulk encryption by over three X for AES.
Ron Westfall: And that sounds very exciting, Amer. In fact, we all want to know what is this going to enable in terms of new capabilities, new markets, new applications, and so forth. What is Marvell enabling in this regard?
Amer Haider: Ron, our LS2 is helping hyperscalers and enterprises to create HSMs as a service that improve convenience, have higher performance and lower cost. What this will do is enable more and more applications and application developers to utilize the gold standard of protecting their encryption keys in HSMs. If we move to a world where all encryption keys are stored in hardware, the world will be a safer place. So LS2 is empowering our customers to make the world a safer place.
Ron Westfall: And that’s a high note, Amer. That I think is something that will definitely encourage broader adoption of HSM technology across the entire security ecosystem. From my view, Marvell’s LiquidSecurity 2 is bringing the breakthroughs and innovation needed to make the world a truly safer place. And with that, thank you everybody for joining today’s webcast and have a great, secure day. Good day all.
Ron is an experienced research expert and analyst, with over 20 years of experience in the digital and IT transformation markets. He is a recognized authority at tracking the evolution of and identifying the key disruptive trends within the service enablement ecosystem, including software and services, infrastructure, 5G/IoT, AI/analytics, security, cloud computing, revenue management, and regulatory issues.