The HSM vendor is being spun off by Thales ahead of its Gemalto acquisition
UK-founded encryption hardware specialist nCipher Security is back on the market, eleven years after being bought by French aerospace and security multination Thales for £50.7 million. This time around, with enterprise security a greater concern than ever, it looks to be hot property and the company expects to announce a winning bidder for its general purpose hardware security module (HSM) proposition within weeks.
That’s according to John Grimm, Senior Director of Strategy and Business Development, speaking with Computer Business Review this week.
The company, still legally owned by Thales, sells HSMs under the nShield brand and holds some 32 patents. It is being spun off under orders from European regulators: divestiture of the HSM specialist is a condition of the European Commission’s December approval for Thales €4.8 billion all-cash Gemalto acquisition.
Grimm told Computer Business Review: “There are multiple bidders seeking to acquire nCipher’s business. Having achieved the ‘carved out’ status we need to proceed on January 24, the bidding process is ongoing. We expect it will be a matter of weeks before the winning bidder is selected.”
He declined to comment on the potential buyers in the mix or the price the company hopes to attain.
nCipher Security: Formed in Cambridge, Being Divested by Thales Ahead of Gemalto Takeover
nCipher Security, which employs approximately 330 staff, sells HSMs – hardened, tamper-resistant hardware environments for secure cryptographic processing, key generation and protection, encryption and more. These are certified under the crytographic benchmark IPS 140-2.
Its products include the network-attached nShield Connect (illustration at top right), nShield Edge, a portable USB-based module (middle) and nShield Solo (bottom): low-profile PCI express card modules that deliver cryptographic services to applications hosted on a server.
Originally formed by brothers Alex and Nicko van Someren and based in Cambridge, it floated on the London Stock Exchange in 2000. It was bought by Thales in 2008.
Buyers of its HSMs include 50 percent of the FTSE 100’s top 20; notable customers include Microsoft and Samsung.
HSMs are used to to provide a root of trust for a wide variety of business applications including public key infrastructures (PKIs), SSL/TLS encryption key protection, code signing and digital signing.
Grimm told Computer Business Review demand is also growing among IoT vendors.
“So many companies see the IoT as the next frontier to competitive advantage… now it’s a case of ‘how do make sure I can do that without getting in trouble’. They’re making mistakes in how they configure the cloud. If you can simplify and use a common encryption application and method to span multiple clouds, that’s a good start.”
nCipher Security 18 months ago released its Web Services Crypto API interface to support customers running hardened operating systems and with hybrid/multicloud needs without having to develop a custom interface.
Grimm said: “Large customers want to centralise; they want a pool of HSMs, a centre of excellence, that has driven us to make them more cloud-friendly. While folks using a pool of HSMs typically tend to keep many of their applications on-premise, they also want some interoperability with the cloud. The API allows applications that reside anywhere to access nShield services through web service calls.”
He added: “While there has been a lot of buzz about HSMs coming from the cloud providers, the Commission concluded cloud HSMs aren’t there yet. We’re seeing a lot of action.”