In this blog I describe how cybersecurity professionals can utilize Marvell® LiquidSecurity® HSMs with self-managed HashiCorp Vault Enterprise software, deployed on-prem and in the cloud.
HashiCorp provides infrastructure automation software for multi-cloud environments, enabling enterprises to unlock a common cloud operating model to provision, secure, connect, and run any application on any infrastructure. HashiCorp Vault provides the foundation for modern multi-cloud security. It was purpose-built in the cloud era to authenticate and access different clouds, systems, and endpoints, and centrally store, access, and deploy secrets, i.e. encryption keys, passwords, API tokens, tokens used in applications, services, privileged accounts, or other sensitive portions of the IT ecosystem. It also provides a simple workflow to encrypt data in flight and at rest. Global organizations use Vault to solve security challenges as they adopt cloud and DevOps-friendly solutions.
To date, HashiCorp Vault typically runs on clusters built around rack-mounted servers with 32-64GB of RAM and over 200GB of storage capacity.
The Marvell LiquidSecurity family is a line of hardware security modules (HSMs) based on a PCIe form factor. They were purposely designed to enable cloud service providers (CSPs) to offer security services in a cloud environment, and they differ substantially from other vendors' HSMs. The increased performance, for instance, dramatically reduces the cost, power and rack space needed for performing encryption and key management. LiquidSecurity 2, our latest model, can manage up to 1 million keys and supports 42 partitions for secure multitenancy in a single PCIe slot.
The LiquidSecurity family of devices also comes with software for performing key management, encryption, and other tasks while running on energy-efficient processors. It’s good to note that six of the ten largest clouds enable encryption and/or key management using LiquidSecurity HSMs as the root of trust.
The combination of our two technologies represents the latest step in the cloudification of security. Financial institutions and other encryption-intensive users are shifting from managing their own on-premises HSMs to a cloud model. As cloud-based HSMs become more prevalent, customers are looking for ways to ensure that encryption services can be deployed in a relatively seamless way across multiple clouds or in a hybrid fashion.
In summary, Marvell LiquidSecurity HSMs can harden HashiCorp Vault deployed on-prem or in the cloud with the supported features:
For organizations that use self-managed HashiCorp Vault Enterprise software and require NIST FIPS 140-2, Level-3 certification, our integration provides additional security layers.
Copyright © 2023 Marvell, All rights reserved.