Last year, Marvell announced that the Marvell LiquidSecurity family of cloud-based hardware security modules (HSMs) achieved FIPS 140-3, Level-3 certification from the National Institute of Standards and Technology. FIPS 140-3 certification is mandatory for many financial institutions and government agencies and, until then, had largely only been available with traditional self-managed, on-premises HSMs.
FIPS 140-3 certification also meant that cloud service providers could use LiquidSecurity HSMs to provide a wider range of security services to a larger universe of customers.
Microsoft, which uses LiquidSecurity HSMs to power its Azure Key Vault and Azure Key Vault Managed HSM service, said it would begin to incorporate FIPS 140-3 certified modules into its infrastructure.
This month, Microsoft began to offer single-tenant, FIPS 140-3 based HSM services with LiquidSecurity in public preview.
“Every interaction in the digital world from processing financial transactions, securing applications like PKI, database encryption, document signing to securing cloud workloads and authenticating users relies on cryptographic keys. A poorly managed key is a security risk waiting to happen. Without a clear key management strategy, organizations face challenges such as data exposure, regulatory non-compliance and operational complexity,” Microsoft’s Sean Whalen wrote in the Azure Infrastructure blog. “An HSM is a cornerstone of a strong key management strategy, providing physical and logical security to safeguard cryptographic keys.”
He goes on to outline how customers can securely manage their own keys and perform cryptographic operations within a dedicated HSM cluster. Microsoft supports a wide array of software and tools for seamless integration into existing cryptographic architectures.
Expect to hear more about the adoption of cloud-based HSMs. Although your parents (unless they’re security admins) have likely never heard of HSMs, the devices are pervasive in our society. Nearly two billion credit card transactions are performed worldwide daily¹. The overwhelming majority of those rely on HSMs and, because payment systems require both PCI and FIPS certification (or the equivalent certification in other jurisdictions), these transactions run through 1U and 2U on-premises systems. Most on-premises deployments are racks of 1U and 2U systems along with on-premises servers and networking and, of course, personnel.
LiquidSecurity delivers HSM functionality through a single PCIe card: a single LiquidSecurity 2 device can manage 1 million sets of encryption keys and perform 120,000 simultaneous ECC transactions with a fraction of the rack space and power. Put another way, cloud-based HSMs transform a hardware purchasing and management problem for banks into a streamlined cloud service. For a financial institution, deploying dedicated 1U appliance hardware for payment transactions is an expensive overhead. Consuming HSMs as a service through a cloud service provider requires little capital expenditure, ensures you have the latest hardware/software solutions, and adds an additional layer of security offered by these hyperscalers.
Again, stay tuned.
Bill Hagerstrand is the director of the security business at Marvell.
1. CapitalOne Research May 2024.
Copyright © 2025 Marvell, All rights reserved.