The Thales-Gemalto Merger: What Does It Mean?

As a longtime player in enterprise key management infrastructure, we have been advocating for stronger encryption, authentication and key management for years. We have worked to educate the market on securing the core, which includes a combination of factors like application-layer encryption, strong industry standards such as the FIDO2 protocol and hardware-based key management using hardware security modules (HSMs) or the more cost-effective Trusted Platform Modules (TPMs).

Data protection is our passion, and anytime a big move comes along to shake the industry, we seek to understand what it means and how it will impact the market. 

That’s why we’re taking a moment to look into Thales’s acquisition of Gemalto.

What does this acquisition mean?

Consolidation of this kind happens when older, established companies realize that they lack a new technology that the market wants. The HSM industry has been consolidating for more than a decade, which signals the beginning of a new tech cycle in security. New regulatory requirements are part of that new cycle because they increase demand for data security.

However, even though technologies and laws are changing, costs are not. The price of an entry-level FIPS 140-2 Level 3 HSM has remained unchanged for almost two decades, and we can expect the consolidators to maintain price – rarely do they acquire and drop prices.

Who is affected?

While the fintech and defense industries were primarily affected by these mergers in the past, today almost every business that stores and processes personally-identifiable information (PII) is also affected. GDPR and the upcoming CCPA mandate the protection of PII; companies are already being fined for lesser offenses (such as Google being fined $50 million for not receiving consent from customers for sharing PII with third-party companies). We can only expect regulation and enforcement to increase, requiring companies that store and/or process PII to pay significant attention to these new privacy regulations.

Our approach

StrongKey has been investing in R&D to create more choices for its customers for nearly 20 years. We have made the FIPS 140-2 Level 2 certified TPM the default cryptographic hardware module across our product line. This approach exceeds the requirements for protecting sensitive data in most data protection regulations around the world while passing along significant cost savings to our customers. 

But we haven’t stopped there.

Besides integrating this high-security component within our solutions, we have gone further to simplify the development of business applications when using our appliances by not requiring developers to learn legacy APIs that stretch projects into months of effort. StrongKey solutions provide encryption, tokenization, card-present transaction processing, strong authentication and key management, leveraging industry-standard protocols, and deliver them with open-source licensing to dramatically reduce deployment costs. 

We deliver all of this without sacrificing security and convenience, with the requisite key custodians proving they have full control over cryptographic keys for compliance to data security and privacy regulations.

Looking ahead

Acquiring companies want to consolidate cost savings and market power. They see the market opportunity but likely are too big, too expensive and too out of touch with current market technology to adapt. They are likely to be disrupted by companies that are more agile and market-savvy and can offer innovative data security solutions at a lower price point.

Time will tell if the Thales-Gemalto merger succeeds. Meanwhile, StrongKey has been diligently investing in creating innovative alternatives that have been validated on six continents by dozens of customers in mission-critical environments. Though such mergers reduce the number of players in the market, they can also highlight the players who already have what the market is asking for. In that respect, StrongKey welcomes this news.

Arshad Noor
Author

Arshad Noor

More posts by Arshad Noor