Security Experts:

Entrust to Acquire Hardware Security Module Maker nCipher

Entrust Datacard and Thales have signed a definitive agreement for Entrust to acquire the nCipher general purpose hardware security module (GP HSM) division of Thales. Financial details have not been disclosed.

nCipher became a separate stand-alone business within Thales on January 7, 2019. This was done as a requirement of the European Union before it would allow completion of Thales' purchase of Gemalto (also an HSM manufacturer). The intention was that nCipher would operate separately from Thales until such time as a buyer could be found.

It is almost certain that discussion between Thales and Entrust were already well-advanced when SecurityWeek spoke to nCipher in January. Peter Galvin, chief strategy and marketing officer at nCipher Security, told SecurityWeek that he saw new growth in PKI (public key infrastructure) based on the expanding IoT. "PKI has been around for years," he said, "but companies are now beginning to install systems, and there are new opportunities with IoT. If you start to think about the 20 billion devices that are going to be installed over the next few years, you can protect the authenticity of the devices with a key or certificate associated with them, and you protect communication with and from them with encryption."

Entrust Datacard offers trusted identity and secure transaction technologies. It has an ioTrust product designed for the deployment of secure PKI-based IoT ecosystems. The purchase of nCipher will expand its offerings to those companies who wish to secure IoT PKI keys locally and securely. 

Of course, the advantages of owning and selling its own HSMs goes far beyond IoT alone. The use of encryption generally is growing rapidly in cloud and mobile technologies, and HSMs are the perfect solution to managing crypto keys.

"This acquisition is an excellent complement to our expertise in both cryptography and hardware and will extend our ability to meet the evolving security needs of our customers globally while allowing us to accelerate our own growth," said Todd Wilkinson, president and CEO of Entrust Datacard.

nCipher's CEO Cindy Provin agrees. "nCipher Security is delighted to join Entrust Datacard," she said. "There is a powerful synergy between our solutions and the combination of our organizations will accelerate innovation for our customers as they embark on initiatives such as mobility, cloud and IoT to grow their businesses and simultaneously strive to protect data and manage ever-growing cyber risk." 

For Thales, the sale is not about selling nCipher but about ensuring the purchase of Gemalto. "This announcement marks a key step in the ongoing process regarding the acquisition of Gemalto which we expect to close by end March 2019," said Philippe Keryer, executive VP, strategy, research and technology at Thales. "We are convinced that nCipher Security will strongly leverage the expertise of Entrust Datacard, an organization focused on their competencies in the development of safe and secure access to information, applications and networks as well as its global presence specifically in Europe and in North America."

No announcement has been made over the fate of nCipher's current 300 employees -- although it seems likely that the majority will be retained after the sale. "The Thales General Purpose HSM solution, known as nCipher Security, has a strong market position, brings with it exceptional internal talent and offers us the ability to develop even more comprehensive solutions for our clients,î said Wilkinson.

The purchase is not quite guaranteed. "This transaction is expected to close during the second quarter of 2019," announced Thales. "It addresses commitments made by Thales to several competition authorities to divest this business to a suitable purchaser in order to ensure a strongly competitive market for GP HSM solutions and to finalize the acquisition of Gemalto. The transaction is subject to the successful completion of the acquisition of Gemalto by Thales, the approval of Entrust as a suitable purchaser by the European Commission, US Department of Justice, Australian Competition and Consumer Commission, and New Zealand Commerce Commission, and the satisfaction of customary closing conditions."

Related: Utimaco's Acquisition of Atalla HSM Product Line Gets Regulatory Clearance 

Related: Examining Threats Facing Public Key Infrastructure (PKI) and (SSL) 

Related: Google Announces New Cloud Key Management System 

Related: Enterprise Data Encryption Challenged by Key Management 

view counter
Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.