Microsoft today extended its collaboration with Marvell Technology, selecting the company’s LiquidSecurity family of hardware security modules (HSMs) to power Azure Cloud HSM. The announcement, made by Marvell on August 18, 2025, brings PCIe-attached, FIPS 140-3 Level 3-validated HSMs into Microsoft’s single-tenant cloud HSM clusters, targeting regulated and high-assurance workloads.
Azure Cloud HSM is a customer-owned, highly available service that gives tenants full administrative control of cryptographic keys while Microsoft manages cluster availability, patching, and lifecycle operations. By integrating Marvell’s dense, cloud-optimized cards, Microsoft aims to deliver appliance-class security with the operational and economic advantages of a managed cloud model.
What Marvell LiquidSecurity Brings to Azure Cloud HSM
Marvell’s LiquidSecurity line departs from traditional 1U/2U HSM appliances by using PCIe-form-factor cards powered by optimized OCTEON data processing units (DPUs). A single LiquidSecurity2 card can manage up to 100,000 pairs of encryption keys and process more than one million cryptographic operations per second, depending on the algorithm. These specifications are vendor-supplied engineering targets designed for hyperscale deployments.
The PCIe form factor pushes compute and crypto acceleration directly into the server chassis, reducing rack footprint, power consumption, and per‑operation latency compared with external networked appliances. For cloud operators, that translates into higher key density per rack unit, greater aggregate throughput, and lower total cost of ownership at scale.
“We are excited to extend our collaboration with Microsoft on the Microsoft Azure Cloud HSM service with Marvell LiquidSecurity HSMs,” said Will Chu, senior vice president and general manager of Custom Cloud Solutions at Marvell. “Together, we share a vision to modernize the HSM market and enable Azure customers to leverage the latest security standards for the most demanding, cloud-scale applications.”
FIPS 140-3 Level 3: The Compliance Gold Standard
FIPS 140-3 Level 3 validation is a critical requirement for government, financial, and other regulated industries. It provides auditable evidence that the cryptographic module meets rigorous physical security and tamper‑response standards. Both Microsoft and Marvell have emphasized this certification. Microsoft has previously upgraded firmware across Azure Key Vault and Managed HSM to FIPS 140-3 Level 3, and Marvell’s LiquidSecurity modules were validated to that standard before broader Azure adoption.
This alignment removes a common barrier for migrating compliance‑driven workloads to managed cloud HSM services. Customers can now point to the underlying hardware certification to satisfy auditors without having to operate and maintain their own on‑premises appliances.
The Cloud HSM Cluster Model: Customer Control Meets Managed Operations
Azure Cloud HSM clusters group HSM instances into redundant, synchronized nodes that provide automatic migration and high availability. Customers retain administrative control of their keys, while Microsoft handles the operational heavy lifting—availability, patching, and lifecycle management. End‑to‑end encrypted access over a private, dedicated link from the customer’s virtual network ensures isolation.
“Many customers require administrative control of their HSMs, but don't want the overhead and ancillary costs that come with managing high availability HSM clusters on their own,” said Soumya Subramanian, vice president of Cloud Security Engineering at Microsoft. “Through our longstanding collaboration, we are able to offer Microsoft Azure customers the most secure and compliant key management services available in public, sovereign or government clouds today.”
Performance Claims and the Need for Independent Validation
The most consequential numbers in the announcement—100,000 key pairs per LS2 card and >1,000,000 operations per second—are vendor‑stated engineering specifications. They are meaningful if validated under representative workloads, but prospective buyers should treat them as directional until independently benchmarked. Multiple industry analyses flagged these claims as vendor‑supplied and recommended pilot testing.
Real‑world performance depends on algorithmic behavior (RSA, ECC, AES‑GCM), concurrency limits, tail latency, and workload mix. Customers are advised to request the vendor’s benchmark methodology and run their own tests under production‑like conditions before committing to large‑scale deployment.
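The benchmark the article recommends is straightforward to script. The harness below is an added example, not code from Marvell or Microsoft: it drives a pluggable operation from N threads, reports aggregate throughput and nearest-rank tail-latency percentiles, and gates the result against a vendor claim. A keyed HMAC stands in for the HSM signing call so it runs offline; in a real pilot you would swap in a PKCS#11 or Azure Cloud HSM client call.

```python
import hashlib, hmac, math, os, time
from concurrent.futures import ThreadPoolExecutor
from dataclasses import dataclass, field

@dataclass
class BenchResult:
    algorithm: str
    concurrency: int
    wall_seconds: float
    latencies_ms: list = field(default_factory=list)

    @property
    def ops(self):
        return len(self.latencies_ms)

    @property
    def ops_per_second(self):
        return self.ops / self.wall_seconds

    def percentile(self, p):
        # Nearest-rank percentile over per-call latency (p99 = tail latency).
        ranked = sorted(self.latencies_ms)
        rank = max(1, math.ceil(p / 100 * len(ranked)))
        return ranked[rank - 1]

def _worker(op, count):
    lat = []
    for _ in range(count):
        t0 = time.perf_counter()
        op()
        lat.append((time.perf_counter() - t0) * 1000.0)
    return lat

def run_benchmark(op, algorithm, concurrency, ops_per_worker):
    """Call `op` from `concurrency` threads; collect wall time and every call's latency."""
    start = time.perf_counter()
    with ThreadPoolExecutor(max_workers=concurrency) as pool:
        batches = list(pool.map(lambda _: _worker(op, ops_per_worker), range(concurrency)))
    result = BenchResult(algorithm, concurrency, time.perf_counter() - start)
    for batch in batches:
        result.latencies_ms.extend(batch)
    return result

def meets_claim(result, claimed_ops_per_second, max_p99_ms):
    """Pass/fail gate: throughput must reach the vendor figure and p99 stay within bound."""
    return result.ops_per_second >= claimed_ops_per_second and result.percentile(99) <= max_p99_ms

# Stand-in for an HSM signing call (constructed): keyed HMAC over a fixed message.
_KEY, _MSG = os.urandom(32), b"constructed sample message"
def stand_in_sign():
    return hmac.new(_KEY, _MSG, hashlib.sha256).digest()

if __name__ == "__main__":
    r = run_benchmark(stand_in_sign, "HMAC-SHA256 (stand-in)", concurrency=4, ops_per_worker=2000)
    print(f"{r.algorithm}: {r.ops_per_second:,.0f} ops/s, "
          f"p50={r.percentile(50):.3f} ms, p99={r.percentile(99):.3f} ms")
```

Run the same harness once per algorithm (RSA, ECC, AES-GCM) and at several concurrency levels; a claim that holds at p50 but collapses at p99 or beyond a few dozen threads is exactly the gap the article warns about.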
Security Analysis: Strengths and Opportunities
The partnership brings several clear advantages:
- Strong certification footprint: FIPS 140-3 Level 3 validation helps Azure offer a managed alternative for workloads that historically required on‑site hardware.
- Cloud‑native form factor: PCIe cards eliminate network round trips, reducing latency and boosting throughput for TLS offload, certificate authority operations, code signing, and high‑frequency signing.
- Operational simplicity: Customers offload cluster management to Microsoft while retaining key control, attractive for teams that want to avoid appliance lifecycle burdens.
- Economics at scale: Higher per‑card throughput and partition density can lower per‑operation costs, a critical lever in hyperscale economics.
Michela Menting, senior research director at ABI Research, noted: “Cloud continues to drive the pace in HSM spending as service providers work to ensure that the underlying infrastructure can support the growing demands of confidential computing and cloud sovereignty. Marvell, which pioneered the category of cloud-optimized HSMs and remains the leader in the category, is poised to play a significant role in this evolution.”
Risks and Considerations: What IT Teams Must Verify
Despite the promise, several risks warrant careful attention:
- Vendor and supply‑chain concentration: Heavy reliance on a single HSM supplier for a major hyperscaler amplifies systemic risk. A widespread firmware bug or supply disruption could have a broad blast radius. Procurement teams should evaluate multi‑vendor fallback plans and contractual remediation SLAs.
- Certification scope and firmware specificity: FIPS 140-3 Level 3 certifications apply to specific hardware/firmware combinations. Firmware updates can alter the certification posture; customers must confirm the exact SKU, firmware version, and regional coverage that apply to their deployment.
- Partitioning and side‑channel concerns: Dense multi‑partition use increases potential attack surface for contention or side‑channel vectors. Azure’s single‑tenant model mitigates many risks at the cluster level, but customers with stringent threat models should validate partition isolation guarantees.
- Performance reality vs. published specs: As noted, vendor figures must be validated independently. Tail latency, concurrency limits, and algorithmic differences can significantly impact real‑world experience.
- Long‑term cryptographic agility: HSMs are tied to key lifetimes that may span a decade or more. Organizations should demand vendor roadmaps for post‑quantum cryptography (PQC) support, field‑upgradeability, and rollback procedures to avoid disruptive hardware migrations when algorithms evolve.
Implementation Guidance: Where It Fits and Where Caution Is Warranted
Good fit: Payment processors, certificate authorities, and high‑frequency signing services that need FIPS 140-3 Level 3 assurance while benefiting from lower latency and managed availability. Confidential computing and sovereign cloud customers requiring demonstrable certification and private network access will also find value.
Cases needing extra caution: Workloads involving extremely sensitive, long‑lived key material where organizational risk tolerance prohibits single‑vendor reliance without a verified fallback. Environments demanding bespoke side‑channel resistance or internal lab certification should insist on independent benchmarking and firmware signing before large‑scale rollout.
What to Watch Next
- Independent third‑party benchmarks: Look for vendor‑neutral lab reports that reproduce or refute per‑card throughput and key‑density claims under realistic workloads.
- Firmware lifecycle disclosures: Monitor how Marvell and Microsoft publish firmware update schedules, re‑certifications, and rollback mechanisms for FIPS coverage.
- PQC roadmaps: Track vendor announcements about field‑upgradable PQC algorithm support and how those upgrades will be validated within FIPS and regional frameworks.
Conclusion
Microsoft’s decision to adopt Marvell LiquidSecurity HSMs for Azure Cloud HSM marks a significant vote of confidence in cloud‑native, PCIe‑attached HSM architectures. It combines appliance‑class certification with host‑attached performance economics and managed cloud convenience. For enterprises, the move opens a feasible path to migrate regulated HSM workflows to a managed model while preserving administrative key control and compliance posture. However, the technical claims that drive the narrative—especially per‑card key counts and operations‑per‑second figures—are vendor‑stated engineering targets that must be validated through pilot testing and contractual assurances. Procurement and security teams should verify certification scope, demand benchmark transparency, negotiate robust SLAs, and plan for crypto agility and vendor contingency to ensure a secure, scalable migration to cloud‑based HSMs.