- PRODUCTS
- COMPANY
- SUPPORT
- PRODUCTS
- BY TYPE
- BY MARKET
Compute
Networking
- Automotive
- Coherent DSP
- Data Center Switches
- DCI Optical Modules
- Enterprise Switches
- Ethernet Controllers
- Ethernet PHYs
- Linear Driver
- PAM DSP
- PCIe Retimers
- Transimpedance Amplifiers
Storage
Custom
- COMPANY
Our Company
Media
Contact
- SUPPORT
BY TYPE
Compute
Networking
Custom
BY MARKET
April 10, 2024
HashiCorp and Marvell: Teaming Up for Multi-Cloud Security Management
By
Bill Hagerstrand, Director of Security Solutions at Marvell
In this blog I describe how cybersecurity professionals can utilize Marvell® LiquidSecurity® HSMs with self-managed HashiCorp Vault Enterprise software, deployed on-prem and in the cloud.
HashiCorp provides infrastructure automation software for multi-cloud environments, enabling enterprises to unlock a common cloud operating model to provision, secure, connect, and run any application on any infrastructure. HashiCorp Vault provides the foundation for modern multi-cloud security. It was purpose-built in the cloud era to authenticate and access different clouds, systems, and endpoints, and centrally store, access, and deploy secrets, i.e. encryption keys, passwords, API tokens, tokens used in applications, services, privileged accounts, or other sensitive portions of the IT ecosystem. It also provides a simple workflow to encrypt data in flight and at rest. Global organizations use Vault to solve security challenges as they adopt cloud and DevOps-friendly solutions.
To date, HashiCorp Vault typically runs clusters built around rack-mounted servers, 32-64GB of RAM and over 200GB of storage capacity.
The Marvell LiquidSecurity family is a solution of hardware security modules (HSMs) based on a PCIe form factor. They were purposely designed to enable CSPs (Cloud Service Providers) to offer security services in a cloud environment and differ substantially from other HSM vendors. The increased performance, for instance, dramatically reduces the cost, power and rack space needed for performing encryption and key management. LiquidSecurity 2, our latest model, can manage up to 1 million keys and supports 42 partitions for secure multitenancy in a single PCIe slot.
The LiquidSecurity family of devices also comes with software for performing key management, encryption, and other tasks while running on energy-efficient processors. It’s good to note that six of the ten largest clouds enable encryption and/or key management using LiquidSecurity HSMs as the root of trust.
The combination of our two technologies represents the latest step in the cloudification of security. Financial institutions and other encryption-intensive users are shifting from managing their own on-premises HSMs to a cloud model. As cloud based HSMs become more prevalent, customers are looking for ways to ensure that encryption services can be deployed in a relatively seamless ways across multiple clouds or in a hybrid fashion.
In summary, Marvell LiquidSecurity HSMs can harden HashiCorp Vault deployed on-prem or in the cloud with the supported features:
- Automatic Unsealing: The Marvell HSM adapter can store Vault’s root key within the FIPS boundary of our PCIe card, allowing for automatic unsealing.
- Seal Wrapping: Vault Enterprise enables seal wrapping by default. The PKCS11 seal configures Vault to use Marvell HSMs as the seal wrapping mechanism.
- Entropy Augmentation: This allows Vault to sample entropy from an external Marvell HSM.
- Offload PKI Key Management via Managed Keys: Vault will offload PKI operations to the Marvell HSM so that “create” or “store” critical private key material never leaves the FIPS boundary.
For organizations that use self-managed HashiCorp Vault Enterprise software and require NIST FIPS 140-2, Level-3 certification, our integration provides additional security layers.
# # #
Marvell and the M logo are trademarks of Marvell or its affiliates. Please visit www.marvell.com for a complete list of Marvell trademarks. Other names and brands may be claimed as the property of others.
This blog contains forward-looking statements within the meaning of the federal securities laws that involve risks and uncertainties. Forward-looking statements include, without limitation, any statement that may predict, forecast, indicate or imply future events, results or achievements. Actual events, results or achievements may differ materially from those contemplated in this blog. Forward-looking statements are only predictions and are subject to risks, uncertainties and assumptions that are difficult to predict, including those described in the “Risk Factors” section of our Annual Reports on Form 10-K, Quarterly Reports on Form 10-Q and other documents filed by us from time to time with the SEC. Forward-looking statements speak only as of the date they are made. Readers are cautioned not to put undue reliance on forward-looking statements, and no person assumes any obligation to update or revise any such forward-looking statements, whether as a result of new information, future events or otherwise.
Tags: Security
Recent Posts
- 2006: The Twelve Months That Changed the Chip Industry
- Encrypting Data in Use: How HSMs Can Advance Next-Generation Confidential Compute
- Nine Things to Remember About the Future of Copper in Computing
- Cloud-Managed Enterprise (CME) Switches Powered by SONiC
- Marvell COLORZ 800 Named Most Innovative Product at ECOC 2024
Archives
Categories
- 5G (12)
- AI (22)
- Automotive (26)
- Cloud (9)
- Coherent DSP (5)
- Company News (101)
- Custom Silicon Solutions (2)
- Data Center (44)
- Data Processing Units (22)
- Enterprise (25)
- ESG (6)
- Ethernet Adapters and Controllers (12)
- Ethernet PHYs (4)
- Ethernet Switching (37)
- Fibre Channel (10)
- Marvell Government Solutions (2)
- Networking (33)
- Optical Modules (12)
- Security (6)
- Server Connectivity (23)
- SSD Controllers (6)
- Storage (22)
- Storage Accelerators (2)
- What Makes Marvell (35)
Copyright © 2024 Marvell, All rights reserved.
- Terms of Use
- Privacy Policy
- Contact