Thales to sell nCipher to Entrust Datacard

Thales has signed an agreement to sell its general purpose hardware security module (HSM) business to trusted identity and secure transaction technology firm Entrust Datacard.

The HSM business has been operating as a separate stand-alone business within Thales since January 2019 under the brand nCipher Security after being part of Thales eSecurity for 11 years.

Thales acquired nCipher for $100m, but did not disclose the value of the deal with Entrust Datacard in making the announcement.

In January, Thales said the HSM business would be held separate from the rest of the Thales Group pending its divestiture to a third-party buyer.

The move came as the result of Thales Group’s offer to acquire Netherlands-based digital security firm Gemalto for €4.8bn and the consequent demands of a number of antitrust agencies, including the European Commission (EC), to create a strong player in the general purpose HSM market.

The EC found that the proposed merger would lead to very high combined market shares and would eliminate the competitive constraints that Thales and Gemalto currently exercise on each other in the general purpose HSM market.

This deal with Entrust Datacard is expected to close during the second quarter of 2019, subject to the successful completion of the acquisition of Gemalto by Thales and the approval of Entrust as a suitable purchaser by the European Commission, US Department of Justice, Australian Competition and Consumer Commission, and New Zealand Commerce Commission.

Thales said the deal will enable nCipher Security, which has more than 300 employees and reported more than €100m in revenues in 2018, to “continue to deliver innovative solutions and services and strengthen its market leadership”.  It added that Entrust Datacard is a global leader in public key infrastructure (PKI) solutions and services, and the primary use case for GP HSMs in protecting infrastructure private keys such as root and issuing certification authorities keys.

“This makes Entrust Datacard the ideal organisation for Thales to divest this business, ensuring its leadership position in the GP HSMs market and providing trust, integrity and control to business-critical applications,” the company said.

Entrust Datacard said GP HSMs are a core component of its solutions and are an underlying part of the security infrastructure of the company’s PKI and secure socket layer (SSL) offerings.

Philippe Keryer, strategy, research and technology executive vice-president at Thales, said the deal marks a key step in the acquisition of Gemalto, which is expected to close by the end of March 2019.

“We are convinced that nCipher Security will strongly leverage the expertise of Entrust Datacard, an organisation focused on their competencies in the development of safe and secure access to information, applications and networks, as well as its global presence specifically in Europe and in North America,” said Keryer.

Todd Wilkinson, president and CEO of Entrust Datacard, said the acquisition is an “excellent complement” to Entrust Datacard’s expertise in cryptography and hardware.

“The acquisition will extend our ability to meet the evolving security needs of our customers globally while allowing us to accelerate our own growth,” he said.

“And nCipher Security, which has a strong market position, brings with it exceptional internal talent and offers us the ability to develop even more comprehensive solutions for our clients.”

Entrust Datacard said the acquisition will also address the increased demand for data security stemming from regulations such as the EU General Data Protection Regulation (GDPR) and the electronic identification, authentication and trust services (eIDAS) regulation.

Cindy Provin, chief executive officer of nCipher Security, said there is a “powerful synergy” between the two companies’ solutions.

“The combination of our organisations will accelerate innovation for our customers as they embark on initiatives such as mobility, cloud and IoT [internet of things] to grow their businesses and simultaneously strive to protect data and manage ever-growing cyber risk,” she said.