The Hardware Security Module (HSM) market is a niche, specialised, and hard to penetrate, but it is on track for expansion. ABI Research forecasts that the HSM market to hit the billion-dollar mark by 2024 driven by an increased focus on service capabilities, enterprise digital transformation strategies, including cloud demand and IoT growth, and un intensifying demand in new applications and delivery models.
Users of HSM products have traditionally been driven to purchase by regulation compliance requirements (notably payment transaction and data protection legislation), as well as the protection of large business assets (users and systems).
“This specific focus, and the complexity of operating HSMs, has rather restrained the opportunity for HSM products to large and regulated organisations, resulting in a slow-growing and rather a monolithic market dominated by well-established and highly specialised vendors,” explained Michela Menting, cyber and digital security research director at ABI Research.
However, the offer of service models has proven increasingly popular over the years, and in particular cloud-based services.
Why the interest in HSM?
The advantages of HSM-as-a-Service (HSMaaS) (or Cloud HSM) are numerous: high scalability, flexibility, greater choice of features and use cases, no CAPEX, and no maintenance requirements. They allow enterprises to take more risks in testing new use cases (for example in digital payments or blockchain) and they appeal to smaller and medium-sized businesses outside of that traditional target market, as the cost involved, and skill set required is much lower.
The appeal of HSMaaS is set to drive growth in HSM hardware adoption and an expansion of the install base. This will serve untapped markets in the SMB space, and new demands in IoT and 5G applications.
To meet these, hardware offerings are increasingly flexible, customisable, and updatable to enable new and extended usage, such as converged HSMs that have both payment and GP functionalities, emphasis on multi-tenancy capabilities, and the ability to deploy various APIs, among many others.
The competitive landscape
This has also meant that new players are entering the market, from cloud service providers, cloud security vendors and data infrastructure vendors (Fortanix, Marvell) to smaller companies (niche players like Atos, Kryptus, Dinamo Networks, Sansec, Procenne, Securosys, Ultra Electronics), breaking out of their mould and challenging the status quo.
This is driving the vendors with the more established products (Thales, Entrust, Utimaco, IBM, Futurex) to evolve and adapt their offerings, through internal development, acquisitions, and market expansion strategies.
“Consequently, the HSM market today is dynamized, prompting innovation and diversification in product offerings and pricing models. The HSM space is one to watch closely as new opportunities will continue to emerge,” Menting concluded.