HSM convergence creates a service-based market – Technologist
Hardware Security Module (HSM) technologies continue accelerating toward application-first market solutions. ABI Research claims this growth is underpinned by converged platform offerings, vendors now focus on the opportunities delivered from a service-based perspective.
“The strict separation between general-purpose and payment HSMs is dissolving quickly,” explains Michela Menting, a cybersecurity applications research director at ABI Research.
“In their latest flagships, many HSM original equipment manufacturers opt to provide just one converged hardware platform tailored to the applications through software packages.”
Michela Menting
Market-making opportunity
Most HSM OEMs seek to provide all the necessary certifications (FIPS 140-3, PCI PTS HSM v2, and increasingly CC+ EAL) as a baseline for that converged hardware. The differentiation becomes a software and licensing matter that can be easily modified and configured remotely, enabling users to service new applications as their business evolves.
This malleability from a software perspective is key to unlocking the potential of the service-based HSM opportunity, whether managed or hosted (HSM-as-a-Service). Both for enterprise users and managed service providers, it allows for repurposing the HSM for other applications without purchasing new hardware.
With advanced hardware capabilities for multi-tenancy and virtualisation, HSMs can offer greater multi-usage performance. ABI Research forecasts service-based revenue to reach US$229 million globally by 2027.
“Better understanding by enterprises of the need to leverage trusted services for their cloud migration and digital transformation is a significant driver for HSM applications, with OEMs targeting new markets and use cases not only in the enterprise (SMBs) but also in manufacturing, automotive, telco, and utilities. The HSM market is constantly evolving and ripe for innovation,” concluded Menting.
Competitive landscape
Top HSM OEMs in the space include Crypto4A, Entrust, Futurex, IBM, Kryptus, Marvell, Sansec, Securosys, Thales, and Utimaco.