The Hardware Security Module (HSM) market is rapidly changing as enterprises seek flexible services deployed over the cloud. This provides users with greater scalability and keeps costs in check while introducing brand-new use cases like Bring Your Own Key (BYOK) and PKI-as-a-Service.
Registered users can unlock up to five pieces of premium content each month.
- Global Hardware Security Module (HSM) shipments for cloud infrastructure were 5,273 in 2021. By 2026, that number will nearly double to 9,084 shipments, growing at a Compound Annual Growth Rate (CAGR) of 11.5%.
- Breaking the market data down by region, North America and Europe/Central Asia generated US$54.6 million in HSM revenue for cloud infrastructure in 2021, which makes these regions the greatest market opportunities.
- North America and Europe/Central Asia will account for US$40.5 million more in revenue by 2026—US$52.5 million and US$42.6 million, respectively. These two regions account for 79% of the Total Addressable Market (TAM).
- Meanwhile, US$15.5 million in HSM revenue for cloud infrastructure will be experienced in Asia-Pacific in 2026, US$7 million in Latin America, and US$3.3 million in the Middle East and Africa.
- Despite cloud-based HSM infrastructure catching momentum, traditional deployments will still dominate the market. With US$175.6 million in revenue expected in 2026, hardware appliance services will account for 71% of the total HSM services revenue that year (78% in 2021).
- The greatest growth by deployment type comes from hosted services. Compared to the US$8 million in hosted services revenue in 2021, that figure will grow at a CAGR of 32.7%, bringing the total to US$33.2 million in revenue.
“The transformation of HSMs to serve cloud deployment models has driven innovation in the technology, dynamized competition between manufacturers, and opened up the market to new entrants.” – Michela Menting, Research Director at ABI Research
Key Decision Items
Position Cloud-based HSM Offerings as a Solution to External Pressures
Enterprises are wary to spend a significant amount of financial capital in the current macroeconomic and geopolitical climate. Supply chain disruptions, labor shortages, U.S.-China disputes, and rumors of a recession are causing companies to rethink Capital Expenditure (CAPEX) models. For HSM providers, this is a golden opportunity to appeal to users by letting them shift to Operating Expenditure (OPEX). A virtualized HSM that is offered in a flexible, as-a-Service (aaS) model reduces the risk for users and lets them consume only the HSM services they need and when they need them. Additionally, an aaS-based HSM removes much of the complexity in owning and managing an HSM. Positioning the cloud-based HSM as a significant cost saver will be key to winning over the budget-conscious enterprise, which so many are at this time.
Treat Interoperability as a Most Pressing Matter
For HSM services to be persuasive to enterprises, they must possess a number of core competencies. For starters, cryptographic capabilities need to be highly adaptable as technology evolves quickly. Of course, that will depend on the ability of the HSM to seamlessly switch between different algorithms and primitives. Next, the HSM has to support many applications and new use cases, such as the Internet of Things (IoT), 5G, and blockchain, to name a few. Therefore, software that runs on application-agnostic hardware is crucial. Lastly, the future of HSM services will rely on something called crypto-diversification, which means services are delivered in a multi-layered approach and the system doesn’t fail at any single point.
Recognize Your Target Audience
For marketing purposes, it’s valuable to know who is not interested in cloud-based HSM services. This being said, organizations that are constrained by stringent regulations don’t show considerable interest at this time. To such organizations, on-premises HSM deployments are preferable because it renders direct control over assets and infrastructure. For example, virtually every payment HSM deployment makes use of the on-premises model given the highly regulated environment in payment applications. Therefore, enterprises operating in banking would not be a good fit for cloud-based HSM deployments. However, these more mature markets (payment, government, and some enterprises) will eventually migrate, albeit in a slow fashion. Replacing a proven deployment model for an untested one takes time to justify, especially as significant costs have already been poured into the on-premises model.
On the other hand, software-defined HSM deployment is a good candidate in new target markets (manufacturing, utilities, retail, telco) and price-sensitive regions, such as Asia-Pacific and Latin America. In sectors where HSMs lack a long history of use, there’s not as much debate about the trade-offs between on-premises and virtualization; they’re open to each equally. To these enterprises, the flexibility, low cost, and feature sets accompanying hybrid and services-only deployments take precedence over compliance and regulation. A variety of vendors can capitalize on this segment, including KMS vendors, technology companies, hyperscalers, cloud providers, PKI and Certificate Authority (CA) providers, etc.
The Software-Defined HSM Introduces New Use Cases
While cryptography forms the basis of HSM operations, the migration to software-defined infrastructure is enabling the convergence of more diversified solutions. Some of those solutions include Key Management Services (KMS), PKI-as-a-Service (PKIaaS), Bring Your Own Key (BYOK), Control Your Own Key (CYOK), and Hold Your Own Key (HYOK for multi-cloud, hybrid cloud, and distributed cloud models. The nature of cloud migration is inherently varied, meaning the extension of services will not be a competitive threat. In fact, new use cases present new opportunities in the end markets.
One use case that’s emerging in the market is confidential computing, which allows for isolated processing in a Trusted Execution Environment (TEE) at the CPU level. The role of the virtualized HSM is to serve as a means of a temporary, secure transmission point when the data is being sent somewhere else. Instead of needing dedicated HSM hardware for this sole relaying purpose, the HSM service application can be brought into play for meeting the demand.
Provide Wide-Range Support for End-Users
A great advantage of cloud HSMs is that they can be deployed as multi-tenant architectures for numerous clients. Various applications and services can be served up or shared between the clients. This is in stark contrast to HSM appliances that serve just one customer. As a result, cloud providers, CSPs, HSM OEMs, or other providers save a substantial amount on operational costs.
At the heart of multi-faceted HSM services is the Application Programming Interface (API), extending support in myriad cloud security demands, notably PKCS #11(baseline). Beyond that, support extends to the following:
- Microsoft CSP/CNG
- Key Management Interoperability Protocol (KMIP)
- RESTful APIs
- Custom and Proprietary Interfaces
Supporting a broader range of applications gives customers more choices and personalization when it comes to digital security, which are highly sought-after benefits of HSM services.
Key Market Players to Watch
HSM-as-a-Service (HMaaS) Providers
OEMs Offering Cloud-Adapted Hardware and HSM Services
Cloud-Adapted HSM OEMs
Dig Deeper for the Full Picture
To learn more about the cloudification of HSM solutions and how vendors/service providers are meeting the evolving needs of organizations as they digitally revolutionize their operations download ABI Research’s Transforming HSM Markets: A Cloud-based Service Expansion research report.
Not ready for the report yet? Check out our Post Quantum Cryptography (PQC): Algorithms, NIST Standardization, Challenges, and Outlook Research Highlight. This content is part of the company’s Cybersecurity Application Research Service.