Marvell has a new Hardware Security Module, or HSM, that is designed for cloud providers. The new Marvell LiquidSecurity 2 is a significant performance bump over the previous generation, and we thought we would cover it. Part of the reason is that there were some charts STH readers may be more interested in.
Marvell LiquidSecurity 2 Cloud Hardware Security Module
The new Marvell LiquidSecurity 2 is a PCIe form factor that we are told is based on an Octeon DPU. We asked Marvell if it was a Marvell Octeon 10 DPU since the company said it was an Octeon DPU. Marvell said they would get back to us but did not do so in over a week. There is a decent chance it is an older generation such as OCTEON TX2 and Fusion CNF95xx 5G SoCs or something from that portfolio that was a PCIe Gen4 device. Still, we know it is a PCIe card.
If you want to know what is a HSM or Hardware Security Module, Marvell has a slide on that. The goal of the device is to manage security keys and encryption, and Marvell’s solution is an Octeon PCIe card instead of a more costly standalone box.
Here is a diagram of how it works. Marvell says that its HSM is available through cloud service providers today. Although it did not say which ones, it did point to the fact that Amazon AWS CloudHSM, Microsoft Azure Key Vault Managed HSM, Alibaba Data Encryption Service, and Oracle OCI Vault all have HSM services for their customers.
Marvell’s previous generation was the LiquidSecurity 1 from 2015. It has taken seven years to make a second generation, and that shows the type of agility found in this market.
Here is the comparison table where the new version has 20% to 1,000% better specs. What we can see is that this is a PCIe Gen4 x8 card that runs at 35-50W. In this space, things like FIPS and PCI certifications are very important.
The other reason we are covering this launch is really the charts. How many credit card transactions are there per year? This is an important figure since credit card transactions require encryption and are a key use case for HSMs (along with things like managing encryption for services delivered to endpoints.) It turns out that there are a lot of credit card transactions, and they roughly doubled between 2015 and 2020.
Then came Marvell’s most shocking chart:
According to Marvell’s chart, more companies in 2022 do not have an encryption strategy than in 2021 despite a massive jump in the number of companies that do have one. While almost two-thirds of companies seem to have a consistent encryption strategy, a growing number of companies have and encryption strategy. It would be fascinating to see the other categories in this report that make up the extra 22%.
Marvell believes this encryption growth will drive the adoption of Cloud and Hybrid Cloud HSMs in the future whereas non-cloud HSMs will be down slightly.
We wish Marvell had shared more details about the card, but the growing number of companies that do not have an encryption strategy was why we covered this announcement anyway. Our sense is that STH readers should have an encryption strategy so that trend seemed odd.
We just hope we can get an Octeon 10 DPU one day as that is a DPU offering we are very excited about.
I must say the specs are a little confusing. For HSM I am used to signing operations and key generation figures.
Marvel states RSA-2K 42000 ops/s. Which I assume is signing.
Glad to see Marvell invested in certification. CC is quite expensive.