Connect with us

Hi, what are you looking for?


Identity & Access

Utimaco’s Acquisition of Atalla HSM Product Line Gets Regulatory Clearance

Aachen, Germany-based Utimaco has received U.S. regulatory clearance for the acquisition of the Atalla product lines from Micro Focus it first announced in May 2018. The transaction is now scheduled to close on November 5, 2018.

Aachen, Germany-based Utimaco has received U.S. regulatory clearance for the acquisition of the Atalla product lines from Micro Focus it first announced in May 2018. The transaction is now scheduled to close on November 5, 2018.

Both Utimaco and Atalla are leaders in hardware security modules (HSMs), but while Utimaco has concentrated on general-purpose HSMs, Atalla has majored on payment HSMs. Utimaco’s intention is to combine all HSM requirements into a single common platform for general purpose and payment purposes. “The traditional separation between “payment HSM” and “general purpose HSM” will eventually cease to exist, which is why our goal is to focus on innovation and invest in building one common platform for payment and general purpose HSM customers,” explains Utimaco CEO, Malte Pollmann.

Atalla’s HSM is a payments hardware module used for protecting sensitive data and associated keys for non-cash retail payment transactions, cardholder authentication and cryptographic keys. What is required, added Pollmann, is a single platform “providing the product in all required form factors: PCI, LAN and Cloud.”

The underlying driver is accelerating digital transformation fueled by mobile, cloud, blockchain and new regulations. As a result, says Utimaco, financial institutions and service providers of all sizes need out-of-the-box, proven and reliable technology to seamlessly interface with current payment infrastructures, while still enabling them to easily drive and adapt to the next generation of innovative services.

Utimaco already has a payments offering in its existing PaymentServer Line. This gained PCI PTS HSM V2 accreditation in October 2017, allowing customers to meet PCI Data Security Standard (PCI DSS), PCI Point-to-Point Encryption (PCI P2PE), and even PCI HSM compliance as a delta certification with custom code running on the HSM.

The Atalla product line is seen as complementary to Utimaco’s general purpose (SecurityServer) and payment (PaymentServer) lines, SecurityServer is certified to FIPS 140-2 Level 3 and physical Level 4; and this year gained Common Criteria (CC) certification for the CP5 product line. 

The acquisition, said Pollmann, “is a significant milestone, and we look forward to bringing the Atalla team under the information security umbrella of Utimaco. After several changes of ownership, we are happy to offer Atalla a long-term home in our HSM and information security business,” said Utimaco CEO, Malte Pollmann.” 

Advertisement. Scroll to continue reading.

Micro Focus acquired Atalla after HPE CEO Meg Whitman announced, in September 2016, that it would be spun out and then merged with Micro Focus. 

Market Research Future forecast this month that the global HSM market would grow at an annual 13% rate to reach $1.115 billion dollars in 2022. With the added momentum in the payments section from Atalla (Utimaco is already the world’s second largest provider of HSMs), the firm is staking its claim for a sizable portion of that market.

Utimaco was acquired by Sophos in 2009. One year later, Sophos sold a majority interest to Apax Partners, and this was followed by a management buyout in 2013. Today, Utimaco’s primary investors are EQT, PINOVA Capital and BIP Investment Partners S.A.

Related: EU Antitrust Officials Probe Thales, Gemalto Merger 

Related: Google Announces New Security Tools for Cloud Customers 

Related: Microsoft Boosts Azure Security With Array of New Tools 

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...

Application Security

Microsoft on Tuesday pushed a major Windows update to address a security feature bypass already exploited in global ransomware attacks.The operating system update, released...

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Identity & Access

NSA publishes recommendations on maturing identity, credential, and access management capabilities to improve cyberthreat protections.