We’re Building the Future of Data Infrastructure

April 09, 2024

The Big, Hidden Problem with Encryption and How to Solve It

By Bill Hagerstrand, Director of Security Solutions at Marvell

Data encryption, invented nearly 50 years ago1, remains one of our most valuable tools for securing data.

It is also woefully under-utilized.

The most recent Entrust-Ponemon survey shows that 62% of enterprises have an encryption strategy in place, which is another way of saying 38% don’t2. (In 2021, it was 49%3.). The U.S. Department of Health and Human Services imposes millions in fines per year on healthcare organizations for improper snooping of medical records by employees, or health records accidentally released when a doctor’s laptop gets stolen. And, although 60% got hit with ransomware attacks this year, only 24% were able to thwart an attack by encrypting it before the hackers could.

So, what’s the hang up?

Inertia. For all of its effectiveness, encryption has historically been difficult and/or inconvenient to use (in part, of course, for the need to keep access tight.) It requires cooperation between both the sender and receiver and adds additional processing power and time. How many of your personal emails or messages do you encrypt? One of the most widespread and successful uses of encryption in the consumer world—encrypting the data for financial transactions on phones—has succeeded in part because it takes the encryption process out of the hands of consumers and makes it a back-end function. Back-end encryption functions, meanwhile, are also typically performed on a hardware security module (HSM), a 1U to 2U appliance that companies historically kept on premise and maintained on their own.

We created the Marvell® LiquidSecurity® line of cloud-based encryption products to eliminate the friction. Released in 2017, LiquidSecurity puts all of the HSM functions onto a PCIe card to save space, cost, and power. Just as important, it transfers ownership and control over the hardware from on-premises customers to the cloud service providers. Moving the HSMs to the cloud transformed the implementation of encryption from a hardware problem, to buying capacity in the cloud solution.

LiquidSecurity 2, announced last year, boosted the number of keys stored on a single device to 1 million (a 10x improvement), the number of simultaneous ECC transactions to 120,000 and the number of partitions per card to 42. We’ve also begun the process to prepare cloud based HSMs for the post-quantum encryption world.

Six out of the ten largest cloud service providers have integrated the LiquidSecurity platform into their operations in a variety of ways. Some provide it on a per-user or per-transaction basis while others deliver it as part of existing services. Shipments of cloud-based HSMs are expected to rise from around 18% of the market in 2022 to close to 50% by 2027.4 (See Chart)

We have now launched a strategy to eliminate another layer of friction: Third party software integrations. Data centers and most corporate networks are built around an ecosystem of compatible hardware and software from different vendors. By opening our APIs and cultivating ecosystem partnerships, we will enable clouds, and ultimately the customers of the cloud service providers, to increase and optimize their security offerings.

For instance, we are collaborating with HashiCorp, a pioneer in unified authentication for simplifying access across organizations. HashiCorp provides infrastructure automation software for multi-cloud environments, enabling enterprises to unlock a common cloud operating model to provision, secure, connect, and run any application on any infrastructure. HashiCorp Vault provides the foundation for modern multi-cloud security. It was purpose-built in the cloud era to authenticate and access different clouds, systems, and endpoints, and centrally store, access, and deploy secrets (API keys, credentials, etc.). Our integration with HashiCorp Vault enables customers to utilize their software with our hardware.

We are also collaborating with Cryptomathic, a global leader with 35+ years in security solutions for a variety of industries. Their Crypto Service Gateway software provides centralized and crypto-agile management of third party HSM hardware. Our integration with Cryptomathic’s Crypto Service Gateway provides an easier path for on-prem customers to migrate their keys to cloud service providers.

And stay tuned, as another area where you can expect to see collaboration is with HSM-based payment systems. Over 1 billion credit card transactions take place every day worldwide with the volume of commerce in the U.S. alone on debit and credit cards to exceed $12 billion by 20255. It’s a humongous channel of commerce that can be further streamlined with an open ecosystem and cloud technologies.

1. Brittanica

2. Entrust

3. Entrust

4. Marvell estimates based in part on industry forecasts and experts.

5. Fool.com 1/24/2024

# # #

 

Marvell and the M logo are trademarks of Marvell or its affiliates. Please visit www.marvell.com for a complete list of Marvell trademarks. Other names and brands may be claimed as the property of others.

This blog contains forward-looking statements within the meaning of the federal securities laws that involve risks and uncertainties. Forward-looking statements include, without limitation, any statement that may predict, forecast, indicate or imply future events, results or achievements. Actual events, results or achievements may differ materially from those contemplated in this blog. Forward-looking statements are only predictions and are subject to risks, uncertainties and assumptions that are difficult to predict, including those described in the “Risk Factors” section of our Annual Reports on Form 10-K, Quarterly Reports on Form 10-Q and other documents filed by us from time to time with the SEC. Forward-looking statements speak only as of the date they are made. Readers are cautioned not to put undue reliance on forward-looking statements, and no person assumes any obligation to update or revise any such forward-looking statements, whether as a result of new information, future events or otherwise.

Tags: Security

Recent Posts

Archives

Categories