Cybersecurity Blog

SPE Selects ARIA microHSM for VMware Key Encryption

Written by ARIA Cybersecurity Solutions | Feb 1, 2021 2:15:51 PM

SPE, a managed IT services provider serving the healthcare and telecommunications industries, has deployed the ARIA microHSM solution as its preferred key management server (KMS) to secure its internal VMware environment. ARIA’s microHSM hardware security module has the ability to generate hundreds of keys per minute, overall ease of deployment, ability to scale, and zero-footprint deployment set it apart from the competition.  

“The ARIA microHSM proved to be the ideal solution for our VMware encryption needs,” said Paolo Prandirini, CEO, SPE. “Since it is built on a PCIe network adapter, it was easy to deploy in our existing environment and offers ample opportunity for expansion. With little effort, we were able to encrypt our VMware applications as well as data at rest."  

The ARIA microHSM device is an optimal choice for companies looking to replace their legacy hardware security module (HSM) appliances. The unique approach of delivering KMS functionality using a PCIe SmartNIC (inserted into any commercially available server) provides benefits not achievable by today’s out-dated and proprietary HSMs:

  • It is plug-and-play for deployment in minutes and easy to update and maintain.
  • It offloads from the host CPU, preserving processing power, and separates the key generation and management from the rest of the environment.
  • It is a highly available solution that shields the key store in the event of a breach.
  • ARIA microHSM embraces best practice methods like “Bring Your Own Key” (BYOK), sending encryption keys anywhere needed — cloud, VMs, or cloud applications.
  • It can secure any key management interoperability protocol (KMIP)-compatible application


There are two important technical advantages with the ARIA microHSM. The first is in relation to BYOK functionality and the ability to generate and send keys throughout the environment. Namely, it puts the customer in full control of their data as no other entity (such as cloud providers)  is performing encryption and removes the risk of third-party exposure. In addition, by leveraging the application server’s PCIe slot it saves power and space rather than requiring a networked appliance. In addition, it avoids remote network latency, thereby ensuring optimal application performance.