Cavium, Inc., a leading provider of products that enable secure and intelligent processing for enterprise, data center, wired and wireless networking, today announced the LiquidSecurity™ Hardware Security Module (HSM) Family, a complete Hardware Based Transaction Security Solution. The LiquidSecurity™ HSM family provides a FIPS 140-2 level 2 and 3 partitioned, centralized and elastic key management solution with the highest transaction/sec performance. It addresses the high performance security requirements for private key management and administration while also addressing elastic performance per virtual / network domain for the virtualized cloud environment.
This product family is available as a PCI Express adapter with complete software and also as a HSM appliance for evaluation or deployment. It offers a no-compromise, fully-secure and cost efficient solution that addresses the stringent security requirements of SaaS applications, E-Commerce payment systems and Enterprise, Banking and Government security applications especially as they migrate to the Public or Private cloud. Major applications for this product family include Key Management as-a-Service, Database as-a-Service, Crypto as-a-service, Secure DNS, SaaS Applications, Virtual Private Clouds in the Public Cloud and Payment systems.
High Security Modules (HSMs) need to be certified to various standards depending on the applications and target markets. These include FIPS 140-2, Common Criteria EAL 4 and Payment Card Industry (PCI) HSM standards. FIPS 140-2 is a Federal Information Processing standard for Hardware Secure Modules that includes the need for tamper evidence / detection and to keep security keys within the physical boundary of the FIPS 140-2 certified product.
Market Dynamics for Cloud Transaction Security
There are 3 major trends driving the need for FIPS certified Transaction Security in Cloud data centers. E-Commerce, Healthcare and Government applications that traditionally used FIPS level security in private data centers are migrating to the virtualized/SDN capable, multi-domain, multi-tenant cloud infrastructure. They need a secure and elastic FIPS solution as they migrate to the Cloud.
Enterprise applications that use private keys but did not need FIPS based security because they were deployed in private datacenters which were physically located within the enterprise are now migrating to geographically-dispersed Public and Private Cloud where they could be co-located and share resources with multiple tenants. They now need FIPS level security for the private keys with high performance key operation and management in the Cloud environment.
Additionally, in the Cloud Data Center there is a move towards software only version of various networking appliances running on virtual-machines (VM) on data center servers. However these have low TPS (transactions per second) due to a lack of optimized hardware acceleration for the numerous security protocols and algorithms. Application Delivery Controllers, Routers and Firewalls are few examples of these virtual appliances. These virtual appliances need elastic performance and elastic / centralized key storage to reach the needed performance. Current FIPS solutions have limited capabilities to address the emerging requirements of the transaction security market. They offer low performance, low key storage, minimum elasticity, no SDN features and have a high cost.
Fully secure and authenticated deployments in the cloud require a high performance FIPS 140-2 solution with storage for large number of keys, flexible support for large number of domains, ease of management and migration, and high bandwidth connectivity with SDN features. Cavium’s LiquidSecurity HSM family is the first solution in the market that offers a no-compromise solution that effectively addresses the performance, cost, multi domain and comprehensive feature requirements of the Transaction Security market. It offers 10-30x higher performance and 10x greater storage when compared to existing solutions.
“With government and enterprise applications moving to virtualized public and private clouds, the demand for secure, multi-domain, high performance/storage HSM solutions is increasing rapidly,” said Bob Wheeler, Principal Analyst at The Linley Group. “Cavium’s LiquidSecurity HSM family meets these requirements by delivering an innovative and comprehensive security solution to the market.”
Introducing the LiquidSecurity HSM Family
LiquidSecurity HSM Family is a FIPS 140-2 Level 2 and 3 certified product family from Cavium. The LiquidSecurity Solution is available as a PCIe adapter family as well as an Appliance. Both product families include the highly innovative LiquidSecurity Server and Client software.
• SSL handshake offloads for 32 domains – LiquidSecurity family has 32 FIPS 140-2 Level 3 Partitions. Each partition functions as an independent and fully secure HSM.
• Dual FIPS boundary – With the appliance version of the family a dual FIPS 140-2 boundary is also available that provides an added layer of security.
• Storage for up to 1M keys is supported with multiple appliances in a scalable manner.
• Tens of Thousands of 2048 bit RSA Ops/sec – LiquidSecurity HSM family provides market leading performance to meet the needs of multiple domains or virtual appliances. This performance is at least 10 times higher than any other solution on the HSM market today. This product family also supports 10 Gbps bulk encryption. In addition, multiple LiquidSecurity HSM modules can be pooled together to offer highest performance for mega data centers.
• Hardware support for 2048 bit RSA key pair generation –robust key generation within the FIPS boundary is a critical component of the overall security this product family provides.
• Scalability – For the most demanding applications up to 20 LiquidSecurity HSM appliances can be seamlessly connected through the native 10 Gigabit Ethernet ports.
LiquidSecurity Product Line
• LiquidSecurity HSM PCI Express Adapter Family is a standard PCI Express adapter family bundled with LiquidSecurity HSM software.
• LiquidSecurity HSM Appliance Family – This is a 1U Appliance which includes the full suite of LiquidSecurity HSM software along with 2 x 10G Ethernet Ports for evaluation or deployment. This appliance family has the added capability of providing standard or custom SDN support with an optional LiquidIO Server Adapter from Cavium.
LiquidSecurity HSM Family Software
The LiquidSecurity family of products includes a comprehensive suite of HSM Family Software consisting of various components that enable easy customer integration. The software solution includes the LiquidSecurity Client which supports cryptographic APIs such as PKCS11, Java JCA, OpenSSL and Microsoft CNG. These APIs enable applications such as Crypto As-A-Service, Database encryption, Document signing and many others. LiquidSecurity software
management tools, High Availability and Load balancing features and restful APIs enable customers to easily integrate the PCI card or appliance within their existing management environment.The robust feature set enables deployment in all locations including Public Cloud, Colocation facilities & Private Cloud.
“The LiquidSecurity HSM Product family provides critical performance, feature and TCO benefits to customers for transaction security that have not been available in the market until now,” said Rajneesh Gaur, Vice President and General Manager at Cavium. “These breakthrough capabilities will enable a no compromise, high security solution and accelerate the transition to the Cloud for SaaS as well as Enterprise, Banking and Government secure applications.”
Cavium has worked with several market leading solution providers to enable a robust ecosystem of solutions that can seamlessly interoperate with the LiquidSecurity HSM Family. This ecosystem will enable customers to seamlessly integrate the new LiquidSecurity Family of products into their existing Data Center application environment. The early partners include F5 Networks, A10 Networks & Kemp Technologies for Application Delivery Controllers and Extrahop Networks for Application analysis and Performance Monitoring. Additional partners will be added over the coming quarters.
LiquidSecurity HSM Family is now available from Cavium in both the PCI Express Adapter and appliance form factors.