We’re Building the Future of Data Infrastructure

Marvell Blog

Archive for the 'Security' Category

  • September 18, 2024

    Remembering Sehat Sutardja, Marvell Co-founder

    By Michael Kanellos, Head of Influencer Relations, Marvell

    Marvell co-founder, Sehat Sutardja, was a visionary leader, brilliant engineer, and a cherished colleague and friend to many at Marvell.

    Sehat’s journey began in Jakarta, Indonesia where he would build Van de Graaf generators and other devices with spare parts from his parents’ auto parts store. By 13, he was already a certified radio repair technician, showcasing his innate talent and curiosity. This early interest led him to pursue higher education in the United States, where he earned his bachelor’s degree in electrical engineering from Iowa State University, followed by a master’s and PhD in electrical engineering from the University of California, Berkeley.

    Stephen Lewis, now a professor of electrical and computing engineering at UC Davis, described Sehat as a perfectionist in an article for IEEE Spectrum. As students, they were building analog-to-digital converters. The traditional way to make them involved using two capacitors, one twice the size as the other. “He figured out a way to do it with two identical capacitors, increasing the amplifier speed by increasing its feedback. We had a solution that worked, but he kept digging until he found a better way to do it.”

    In 1995, Sehat, wife Weili Dai, and Sehat’s brother Pantas Sutardja founded Marvell Technology around a kitchen table. They chose the name Marvell because they wanted to build a company that could create ‘marvelous’ devices. The first product was a specialized read channel for hard drives that could be produced completely in silicon. Conventional wisdom was that the approach wouldn’t work, Sehat told students during a lecture at Berkeley in 2014. The device, however, reduced power consumption and production cost while elevating performance. Marvell soon became a trusted partner to many of the world’s leading technology companies.

    As an inventor and co-inventor, Sehat held over 440 patents. He was recognized as the Inventor of the Year by the Silicon Valley Intellectual Property Law Association and named a Fellow of IEEE. He also received the Indonesian Diaspora Lifetime Achievement Award for Global Pioneering and Innovation and frequently spoke at events such as the International Solid State Circuits Conference about the future of semiconductor design and computing.

    Beyond his professional accomplishments, Sehat was known for his humility, kindness, and generosity. He was a mentor to many, always willing to share his knowledge and insights. The Marvell team is grateful for his contributions and the legacy he leaves behind through his co-founding of our company.

  • July 11, 2024

    Bringing Payments to the Cloud with FIPS Certified LiquidSecurity®2 HSMs

    By Bill Hagerstrand, Director, Security Business, Marvell

    Payment-specific Hardware Security Modules (HSMs)—dedicated server appliances for performing the security functions for credit card transactions and the like—have been around for decades and not much has changed with regards to form factor, custom APIs, “old-school” physical user interfaces via Key Loading Devices (KLDs) and smart cards. Payment-specific HSMs represent 40% of the overall HSM TAM (Total Available Market), according to ABI Research1. 

    The first HSM was built for the financial market back in the early 1970s. However, since then HSMs have become the de facto standard for more General-Purpose (GP) use cases like database encryption and PKI. This growth has made HSM usage for GP applications 60% of the overall HSM TAM. Unlike Payment HSMs, where most deployments are 1U server form factors, GP HSMs have migrated to 1U, PCIe card, USB, and now semiconductor chip form factors, to meet much broader use cases. 

    The typical HSM vendors that offer both Payment and GP HSMs have opted to split their fleet. They deploy Payment specific HSMs that are PCI PTS HSM certified for payments and GP HSMs that are NIST FIPS 140-2/3 certified. If you are a financial institution that’s government mandated to deploy a fleet of Payment HSMs for processing payment transactions, but also have a database with Personally Identifiable Information (PII) data that needs to be encrypted to meet General Data Protection Regulation (GDPR) or California Consumer Privacy Act (CCPA), you would also need to deploy a separate fleet of GP HSMs. This would include two separate HW, two separate SW, and two operational teams to manage each. Accordingly, the associated CapEx/OpEx spending is significant. 

    For Cloud Service Providers (CSPs), the hurdle was insurmountable and forced many to deploy dedicated bare metal 1U servers to offer payment services in the cloud. These same restrictions that were forced on financial institutions were now making their way to CSPs. Also, this deployment model is contrary to why CSPs have succeeded in the past, which was to offer when they offered competitively priced services as needed on shared resources. 

  • April 15, 2024

    Infosec Global and Marvell partner to provide Crypto Agility in the Cloud

    By Bill Hagerstrand, Director of Security Solutions at Marvell

    InfoSec Global, a leader in cryptographic agility management analytics software, and Marvell, a leader in Cloud based HSMs (Hardware Security Modules), have partnered to enable visibility and security in the cloud.

    The Marvell® LiquidSecurity® family is a solution of hardware security modules (HSMs) based on a PCIe form factor instead of traditional 1U and 2U pizza boxes They are purposely designed to enable CSPs (Cloud Service Providers) to offer security services in a cloud environment. Not only does the smaller form factor and optimized processing of LiquidSecurity provide a path to reduce the cost, overhead, and rack space needed for performing encryption and key management, partitions and others performance features enable clouds to serve a large number of customers in a flexible manner.

  • June 13, 2023

    FC-NVMe Goes Mainstream for Next-Generation Block Storage from HPE

    By Todd Owens, Field Marketing Director, Marvell

    While Fibre Channel (FC) has been around for a couple of decades now, the Fibre Channel industry continues to develop the technology in ways that keep it in the forefront of the data center for shared storage connectivity. Always a reliable technology, continued innovations in performance, security and manageability have made Fibre Channel I/O the go-to connectivity option for business-critical applications that leverage the most advanced shared storage arrays.

    A recent development that highlights the progress and significance of Fibre Channel is Hewlett Packard Enterprise’s (HPE) recent announcement of their latest offering in their Storage as a Service (SaaS) lineup with 32Gb Fibre Channel connectivity. HPE GreenLake for Block Storage MP powered by HPE Alletra Storage MP hardware features a next-generation platform connected to the storage area network (SAN) using either traditional SCSI-based FC or NVMe over FC connectivity. This innovative solution not only provides customers with highly scalable capabilities but also delivers cloud-like management, allowing HPE customers to consume block storage any way they desire – own and manage, outsource management, or consume on demand.HPE GreenLake for Block Storage powered by Alletra Storage MP

    At launch, HPE is providing FC connectivity for this storage system to the host servers and supporting both FC-SCSI and native FC-NVMe. HPE plans to provide additional connectivity options in the future, but the fact they prioritized FC connectivity speaks volumes of the customer demand for mature, reliable, and low latency FC technology.

  • March 23, 2023

    How Secure is Your 5G Network?

    By Bill Hagerstrand, Security Solutions BU, Marvell

    New Challenges and Solutions in an Open, Disaggregated Cloud-Native World

    Time to grab a cup of coffee, as I describe how the transition towards open, disaggregated, and virtualized networks – also known as cloud-native 5G – has created new challenges in an already-heightened 4G-5G security environment.

    5G networks move, process and store an ever-increasing amount of sensitive data as a result of faster connection speeds, mission-critical nature of new enterprise, industrial and edge computing/AI applications, and the proliferation of 5G-connected IoT devices and data centers. At the same time, evolving architectures are creating new security threat vectors. The opening of the 5G network edge is driven by O-RAN standards, which disaggregates the radio units (RU), front-haul, mid-haul, and distributed units (DU). Virtualization of the 5G network further disaggregates hardware and software and introduces commodity servers with open-source software running in virtual machines (VM’s) or containers from the DU to the core network.

    As a result, these factors have necessitated improvements in 5G security standards that include additional protocols and new security features. But these measures alone, are not enough to secure the 5G network in the cloud-native and quantum computing era. This blog details the growing need for cloud-optimized HSMs (Hardware Security Modules) and their many critical 5G use cases from the device to the core network.

Archives