Cavium’s LiquidSecurity HSM allows hybrid cloud users to synchronize keys between AWS CloudHSM and private clouds

Cavium Inc. announced that its FIPS 140-2 Level 3 certified LiquidSecurity appliance enables seamless key backup and application scaling with the AWS CloudHSM FIPS 140-2 Level 3 service. Users can deploy LiquidSecurity HSMs on-premises or in a private data center, create a backup from a managed HSM instance in the cloud, and restore the backup to their on-premises HSM.

While the cloud vendor can take backups of customer HSMs, enterprises with escrow needs will benefit from the ability to securely transfer and retain access to their keys within a FIPS boundary. Customers can also utilize this feature to scale in a hybrid cloud environment.

Cavium’s LiquidSecurity HSM family provides high-performance FIPS 140-2 Level 3 HSMs that are run-time partitioned for elastic use in the cloud. It addresses high-performance, key management and administration requirements for symmetric and asymmetric keys. It also addresses elastic performance per virtual/network domain for cloud environments, allowing enterprises to migrate on-premises workloads that are subject to compliance regulations or have stringent security requirements to the cloud.

Examples include SaaS applications, e-commerce payment systems, and enterprise, banking and government security applications. SaaS applications that rely on this product family include key management as a service, database as a service, crypto as a service, secure DNS, virtual private clouds, and payment systems.

Cavium has observed two major trends driving the requirements for FIPS-based transaction security in cloud data centers. First, e-commerce, healthcare and government applications, which traditionally used FIPS-level security in private data centers, are migrating to a virtualized/SDN-capable, multi-domain cloud infrastructure. They need a secure and elastic FIPS solution as they migrate to the cloud.

Second, enterprise applications that have utilized private keys — but did not require FIPS-based security because they were deployed in private data centers — are migrating to the cloud as well. They now require FIPS-level security for the private keys with high key operation performance in a cloud environment. Hardware security modules are used as the root of trust for these sensitive workloads. To date, end users have been challenged to find an HSM that meets both security requirements, such as FIPS 140-2 Level 3 validation, and usability requirements, such as elasticity and high transactions per second.

Most enterprises can now utilize fully-managed HSMs on the cloud to meet these objectives with lower cost and reduced latency. Some of these end-users also require the additional comfort and reliability of on-premises backups. In addition to disaster recovery, this also ensures enterprises have flexibility in moving between different IaaS providers.

The LiquidSecurity solution, by cloning on-premises HSMs to AWS CloudHSM including users and keys, allows enterprises to do just that.

Cavium caters to the changing needs of its enterprise customers, who require secure and authenticated deployments in the cloud, through its high-performance FIPS 140-2 validated solution with storage for a large number of keys, flexible support for a large number of domains, ease of management and migration, and high-bandwidth connectivity with SDN features.

“Cavium’s LiquidSecurity HSM family was designed from the ground up for the cloud and is a proven solution to address the performance, cost, multi-domain and feature requirements of this market,” said Rajneesh Gaur, vice president and general manager at Cavium. “We are excited to extend this product family to provide local backup and dynamic restore capability for customers.”

Last month, Cavium collaborated with Microsoft in the Open Compute Community with ThunderX2 Arm-based servers demonstrating the Project Olympus Platform. The ThunderX2 product family is Cavium’s second generation 64-bit Armv8-A server processor SoC for data center, cloud and high-performance computing applications. The family integrates fully out-of-order high-performance custom cores supporting single and dual socket configurations. ThunderX2 is optimized to drive high computational performance delivering outstanding memory bandwidth and memory capacity.

The new line of ThunderX2 processors includes multiple workload-optimized SKUs for both scale-up and scale-out applications and is fully compliant with Armv8-A architecture specifications as well as Arm’s SBSA and SBBR standards. It is also widely supported by industry-leading operating system, hypervisor, software tool and application vendors.



WWPI – Covering the best in IT since 1980