Utimaco’s Acquisition of Atalla HSM Product Line Gets Regulatory Clearance

Aachen, Germany-based Utimaco has received U.S. regulatory clearance for the acquisition of the Atalla product lines from Micro Focus it first announced in May 2018. The transaction is now scheduled to close on November 5, 2018.

Both Utimaco and Atalla are leaders in hardware security modules (HSMs), but while Utimaco has concentrated on general-purpose HSMs, Atalla has majored on payment HSMs. Utimaco’s intention is to combine all HSM requirements into a single common platform for general purpose and payment purposes. “The traditional separation between “payment HSM” and “general purpose HSM” will eventually cease to exist, which is why our goal is to focus on innovation and invest in building one common platform for payment and general purpose HSM customers,” explains Utimaco CEO, Malte Pollmann.

Atalla’s HSM is a payments hardware module used for protecting sensitive data and associated keys for non-cash retail payment transactions, cardholder authentication and cryptographic keys. What is required, added Pollmann, is a single platform “providing the product in all required form factors: PCI, LAN and Cloud.”

The underlying driver is accelerating digital transformation fueled by mobile, cloud, blockchain and new regulations. As a result, says Utimaco, financial institutions and service providers of all sizes need out-of-the-box, proven and reliable technology to seamlessly interface with current payment infrastructures, while still enabling them to easily drive and adapt to the next generation of innovative services.

Utimaco already has a payments offering in its existing PaymentServer Line. This gained PCI PTS HSM V2 accreditation in October 2017, allowing customers to meet PCI Data Security Standard (PCI DSS), PCI Point-to-Point Encryption (PCI P2PE), and even PCI HSM compliance as a delta certification with custom code running on the HSM.

The Atalla product line is seen as complementary to Utimaco’s general purpose (SecurityServer) and payment (PaymentServer) lines, SecurityServer is certified to FIPS 140-2 Level 3 and physical Level 4; and this year gained Common Criteria (CC) certification for the CP5 product line. 

The acquisition, said Pollmann, “is a significant milestone, and we look forward to bringing the Atalla team under the information security umbrella of Utimaco. After several changes of ownership, we are happy to offer Atalla a long-term home in our HSM and information security business,” said Utimaco CEO, Malte Pollmann.” 

Micro Focus acquired Atalla after HPE CEO Meg Whitman announced, in September 2016, that it would be spun out and then merged with Micro Focus. 

Market Research Future forecast this month that the global HSM market would grow at an annual 13% rate to reach $1.115 billion dollars in 2022. With the added momentum in the payments section from Atalla (Utimaco is already the world’s second largest provider of HSMs), the firm is staking its claim for a sizable portion of that market.

Utimaco was acquired by Sophos in 2009. One year later, Sophos sold a majority interest to Apax Partners, and this was followed by a management buyout in 2013. Today, Utimaco’s primary investors are EQT, PINOVA Capital and BIP Investment Partners S.A.

Related: EU Antitrust Officials Probe Thales, Gemalto Merger 

Related: Google Announces New Security Tools for Cloud Customers 

Related: Microsoft Boosts Azure Security With Array of New Tools