Microsoft Integrates Marvell NIST FIPS 140-3 Level-3 Compliant LiquidSecurity HSMs into Azure Key Vault and Managed HSM Services
PCIe-based devices powered by Octeon DPUs and designed for use in dense multi-tenant cloud environments; a single LiquidSecurity2 card can manage 100,000 pairs of encryption keys and process more than 1 million ops/s
This is a Press Release edited by StorageNewsletter.com on August 14, 2024 at 2:00 pm
Marvell Technology, Inc. announced that Microsoft Corp. – which extensively uses its LiquidSecurity family of HSMs to perform encryption, key management, and other security functions within Azure – will update its fleet of LiquidSecurity HSMs to the FIPS 140-3, Level-3 standard to further enhance its internal security posture and the portfolio of security services offered to its customers.
LiquidSecurity 2 HSMs
LiquidSecurity 1 and LiquidSecurity 2 hardware security modules (HSMs) achieved FIPS 140-3 Level-3 certification from the National Institute of Standards and Technology (NIST) in June. Stringent FIPS 140-3 certification is required by many financial institutions and government organizations and, to date, has largely been available only with traditional HSMs for on-premise use.
“We congratulate Marvell on achieving NIST FIPS 140-3, Level-3 certification of its LiquidSecurity HSMs which power our Azure Key Vault and Azure Key Vault Managed HSM services, and on which we continue to innovate new offerings,” said Soumya Subramanian, VP, cloud security engineering, Microsoft Azure. “Through our collaboration with Marvell, we are able to offer Azure’s customers the most secure and compliant key management services available in public, sovereign or government clouds today.”
FIPS 140 (Federal Information Processing Standard) is a set of security requirements established by NIST and managed jointly by the USA and Canada as part of the CMVP (Cryptographic Module Validation Program). It specifies the security requirements that will be satisfied by a cryptographic module, providing four increasingly stringent levels intended to cover a range of potential applications and environments. Many government organizations and financial institutions are mandated to use NIST FIPS-certified HSMs for encryption and key management. Because of the rigorous testing required to meet this certification, the use of HSMs has grown across all markets and use cases have proliferated.
FIPS 140-3 introduces several new security enhancements over FIPS 140-2. The new NIST FIPS 140-3 certification will eventually replace FIPS 140-2 certification, as the latter will be moved to the Historical List by September 21, 2026.
Transforming encryption through optimized processors
LiquidSecurity devices were created to eliminate the friction associated with achieving better security. A critical element of global commerce, HSMs perform the authentication and encryption processes behind secure key protection and management, credit card purchases, ATM withdrawals, sign-in services and other high-volume transactions. HSMs have historically been packaged as 1U and 2U server appliances running standard microprocessors. These appliances are managed directly by HSM users and deployed on their premises.
LiquidSecurity HSMs, by contrast, are PCIe-based devices powered by Octeon DPUs and designed for use in dense multi-tenant cloud environments. Six of the 10 largest cloud service providers use LiquidSecurity in their operations. A single LiquidSecurity2 card can manage 100,000 pairs of encryption keys and process more than 1 million ops/s. As a result, cloud service providers can deliver HSM services while consuming a fraction of the power, rack space and hardware required by traditional HSMs. Meanwhile, HSM users can switch from the complexity of managing hardware to the ease of subscribing to HSM services. The cloud-based model for HSMs also reduces barriers to employing HSM and encryption services for secure medical records and other transactions.
Revenue from cloud-based HSMs is expected to grow from under 15% today to over 40% by 2028, according to ABI Research.
“Marvell is uniquely positioned to take advantage of cloud-based HSM demand in the market, and remains an industry leader in the space,” said Michela Menting, senior analyst, ABI Research. “FIPS 140-3 represents the latest milestone toward a more diverse and larger market for HSM services.”
“Marvell has been leading the effort to transform HSMs into cloud-based devices since 2015,” said Will Chu, SVP and GM, custom compute and storage, Marvell. “Microsoft has shared in this vision of modernizing the HSM market and we are thrilled to continue working side by side with Microsoft to help Azure customers benefit from the latest security standards for the most demanding applications deployed at cloud scale.”