Marvell LiquidSecurity 2 Cloud Hardware Security Module Launched

1
Marvell LiquidSecurity 2 Card Cover
Marvell LiquidSecurity 2 Card Cover

Marvell has a new Hardware Security Module, or HSM, that is designed for cloud providers. The new Marvell LiquidSecurity 2 is a significant performance bump over the previous generation, and we thought we would cover it. Part of the reason is that there were some charts STH readers may be more interested in.

Marvell LiquidSecurity 2 Cloud Hardware Security Module

The new Marvell LiquidSecurity 2 is a PCIe form factor that we are told is based on an Octeon DPU. We asked Marvell if it was a Marvell Octeon 10 DPU since the company said it was an Octeon DPU. Marvell said they would get back to us but did not do so in over a week. There is a decent chance it is an older generation such as OCTEON TX2 and Fusion CNF95xx 5G SoCs or something from that portfolio that was a PCIe Gen4 device. Still, we know it is a PCIe card.

Marvell LiquidSecurity 2 LS2 Cloud HSM PCIe Card
Marvell LiquidSecurity 2 LS2 Cloud HSM PCIe Card

If you want to know what is a HSM or Hardware Security Module, Marvell has a slide on that. The goal of the device is to manage security keys and encryption, and Marvell’s solution is an Octeon PCIe card instead of a more costly standalone box.

Marvell LiquidSecurity 2 What Is A HSM
Marvell LiquidSecurity 2 What Is A HSM

Here is a diagram of how it works. Marvell says that its HSM is available through cloud service providers today. Although it did not say which ones, it did point to the fact that Amazon AWS CloudHSM, Microsoft Azure Key Vault Managed HSM, Alibaba Data Encryption Service, and Oracle OCI Vault all have HSM services for their customers.

Marvell LiquidSecurity 2 Protecting Encryption Keys As A Service
Marvell LiquidSecurity 2 Protecting Encryption Keys As A Service

Marvell’s previous generation was the LiquidSecurity 1 from 2015. It has taken seven years to make a second generation, and that shows the type of agility found in this market.

Marvell LiquidSecurity 2 LiquidSecurity 1 HSM Adoption
Marvell LiquidSecurity 2 LiquidSecurity 1 HSM Adoption

Here is the comparison table where the new version has 20% to 1,000% better specs. What we can see is that this is a PCIe Gen4 x8 card that runs at 35-50W. In this space, things like FIPS and PCI certifications are very important.

Marvell LiquidSecurity 2 Highlights
Marvell LiquidSecurity 2 Highlights

The other reason we are covering this launch is really the charts. How many credit card transactions are there per year? This is an important figure since credit card transactions require encryption and are a key use case for HSMs (along with things like managing encryption for services delivered to endpoints.) It turns out that there are a lot of credit card transactions, and they roughly doubled between 2015 and 2020.

Marvell LiquidSecurity 2 Number Of Credit Card Transactions Per Year
Marvell LiquidSecurity 2 Number Of Credit Card Transactions Per Year

Then came Marvell’s most shocking chart:

Marvell LiquidSecurity 2 Encryption Momentum
Marvell LiquidSecurity 2 Encryption Momentum

According to Marvell’s chart, more companies in 2022 do not have an encryption strategy than in 2021 despite a massive jump in the number of companies that do have one. While almost two-thirds of companies seem to have a consistent encryption strategy, a growing number of companies have and encryption strategy. It would be fascinating to see the other categories in this report that make up the extra 22%.

Marvell LiquidSecurity 2 Cloud HSM Projection 2022 2027
Marvell LiquidSecurity 2 Cloud HSM Projection 2022 2027

Marvell believes this encryption growth will drive the adoption of Cloud and Hybrid Cloud HSMs in the future whereas non-cloud HSMs will be down slightly.

Final Words

We wish Marvell had shared more details about the card, but the growing number of companies that do not have an encryption strategy was why we covered this announcement anyway. Our sense is that STH readers should have an encryption strategy so that trend seemed odd.

We just hope we can get an Octeon 10 DPU one day as that is a DPU offering we are very excited about.

1 COMMENT

  1. I must say the specs are a little confusing. For HSM I am used to signing operations and key generation figures.

    Marvel states RSA-2K 42000 ops/s. Which I assume is signing.

    Glad to see Marvell invested in certification. CC is quite expensive.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.