Cavium has announced that its LiquidSecurity 140-2 Level 3 FIPS certified appliance, which enables seamless key backup and application scaling with AWS Cloud HSM FIPS 140-2 Level 3 service.
Customers can deploy LiquidSecurity Hardware Security Module (HSMs) on-premises or in a private data centre, create a backup from a managed HSM instance in the cloud, and restore the backup to their on-premises HSM.
While the cloud vendor can take backups of customer HSMs, enterprises with escrow needs will benefit from the ability to securely transfer and retain access to their keys within a FIPS boundary. Customers can also utilise this feature to scale in a hybrid cloud environment.
'Cavium’s LiquidSecurity HSM family was designed from the ground up for the cloud and is a proven solution to address the performance, cost, multi-domain and feature requirements of this market. We are excited to extend this product family to provide local backup and dynamic restore capability for customers,' said Rajneesh Gaur, Vice President and General Manager at Cavium.
Cavum’s LiquidSecurity HSM family provides high-performance FIPS 140-2 level 3 HSMs that are run-time partitioned for elastic use on the cloud. It addresses high performance, key management and administration requirements for symmetric and asymmetric keys.
The HSM also addresses elastic performance per virtual/network domain for cloud environments, allowing enterprises to migrate on-premises workloads subject to compliance regulations or with stringent security requirements to the cloud. Examples include SaaS applications, e-commerce payment systems and Enterprise, Banking and Government security applications. SaaS applications which rely on this product family include Key Management as-a-Service, Database as-a-Service, Crypto as-a-Service, Secure DNS, Virtual Private Clouds, and payment systems.
Cavium has observed two major trends driving the requirements for FIPS-based transaction security in cloud data centers. First, e-commerce, healthcare and government applications, which traditionally used FIPS-level security in private data centres, are migrating to a virtualised/SDN-capable, multi-domain cloud infrastructure. They need a secure and elastic FIPS solution as they migrate to the cloud.
Second, enterprise applications that have utilised private keys - but did not require FIPS-based security because they were deployed in private data centres - are migrating to the cloud as well. They now require FIPS-level security for the private keys with high key operation performance in a cloud environment. Hardware security modules are used as the root of trust for these sensitive workloads. To date, end users have been challenged to find an HSM that meets both security requirements such as FIPS 140-2 Level 3 validation, as well as usability requirements such as elasticity and high transactions per second.
Most enterprises can now utilise fully-managed HSMs on the cloud to meet these objectives with lower cost and reduced latency. Some of these end-users also require the additional comfort and reliability of on-premises backups. In addition to disaster recovery, this also ensures enterprises have flexibility in moving between different IaaS providers. The LiquidSecurity solution, by cloning on-premises HSMs to AWS CloudHSM including users and keys, allows enterprises to do just that.
Cavium caters to the changing needs of its enterprise customers, who require secure and authenticated deployments on the cloud, through its high performance FIPS 140-2 validated solution with storage for large number of keys, flexible support for large number of domains, ease of management and migration, and high bandwidth connectivity with SDN features.