Marvell unveiled
its LiquidSecurity 2 (LS2) hardware security module (HSM) adapter, the
industry's most advanced solution for enabling encryption, key management,
authentication and other HSM services in the cloud. LS2 is a converged security
platform for payment, privacy compliance, and general purpose applications, and
is powered by a cloud-optimized Marvell OCTEON data processing unit (DPU),
proven at scale across the world's largest hyperscale clouds. The new Marvell
HSM adapter offers the industry's highest performing cryptographic acceleration
and processing, including hardware-secured storage of up to one million keys
for AES, RSA and ECC encryption algorithms, and 45 partitions for robust
multi-tenant use cases.
As enterprises migrate from
on-premises to private- or multi-cloud environments, the industry-leading
Marvell LiquidSecurity platform empowers cloud service providers and large
enterprises to create HSM-as-a-service clouds. Marvell's HSM adapters have the
latest FIPS-certified security boundary, designed for the most demanding
applications deployed at cloud-scale while offering best-in-class cost,
performance and energy efficiency for both public and private clouds.
"Today, LiquidSecurity
empowers the world's largest clouds to build HSM-as-a-service, with
unprecedented performance, securing billions of transactions per month," said
Raghib Hussain, President of Products and Technologies at Marvell. "The new LS2
will improve the performance and economics for hyperscalers while expanding the
total available market by making it easier for enterprises and governments to
secure their applications in public, private and hybrid clouds. The global
datasphere will be a more secure place when all encryption keys are stored in
hardware."
Modernizing the HSM
Marvell has been leading the
effort to transform HSMs into cloud-based devices since 2015. HSMs are the
backbone for performing key management, cryptographic functions and
authentication for banks, ATM networks, media companies and other service
providers. In the U.S. alone, the value of credit and debit card transactions
is expected to rise from $8 trillion to $12.9 trillion by 2025. Virtually all
of the 468 billion plus credit card transactions that occur annually around the
world rely on HSMs. Most HSMs, however, are on-premises devices managed by an
in-house team of experts or third-party support organizations. Training,
deployment and ongoing management of encryption systems also remain critical
barriers to broader adoption of on-premise HSM-based encryption across
enterprises.
Marvell's LiquidSecurity
product line leverages the performance of the company's cloud-optimized OCTEON®
DPU family. Combining leading technologies with Marvell's expertise in software
and systems development, the company delivers HSM functionality in a PCIe card,
helping users to reduce the cost, rack space, and overhead inherent in
traditional HSMs, while simultaneously increasing performance to maximize the
flexibility and use cases. This enables cloud and SaaS providers to deploy HSMs
to deliver new services or enhance existing ones at a lower total cost of
ownership (TCO) than any other alternative. And instead of buying and managing
private, on-prem HSMs, more retailers, banks and other organizations can move
up to the highest level of security by procuring HSM services on a
pay-as-you-go basis.
Today, LS2 hardware can be
certified and updated in the field to support new algorithms and variants, such
as post-quantum cryptography, providing cryptographic agility and
future-proofing the HSM against new vulnerabilities. Key capabilities of the
Marvell LS2 HSM include:
- Highest-Performance:
Up to 100,000 ECC operations per second
- Scalability
and Flexibility: Up to 1 million keys and 45
partitions
- Lowest
TCO: Lowest cost per key stored,
per partition (performance per dollar and performance per watt)
- Comprehensive
SDK: API-first design for greater
flexibility and rapid deployment
- Multiple
Models, Form Factors and Capabilities:
Supports a wide range of use cases across market verticals and multi-cloud
deployments
- Extensive
Compliance Roadmap: FIPS
140-31, CC, eIDAS, PCI PTS HSM 4.0
- Reliability:
High availability, load balancing, and fault tolerance
"HSM-as-a-service will play an
important role in the cloud-based economy," said Michela Menting, Digital
Security Research Director at ABI Research. "Marvell is at the forefront of
enhancing the HSM experience for customers and owners by championing a converged,
cloud-adapted solution that is expanding the usefulness and pervasiveness of
encryption services. The development of cloud-based HSMs will be one of
security's more impactful trends in the years to come."