A technique provides hardware security module (HSM) operability which is performed in a computing device. The technique involves running, by processing circuitry of the computing device, a virtual machine monitor to provide a virtual machine environment. The technique further involves running, by the processing circuitry, a security module VM within the virtual machine environment. The security module VM is configured to perform HSM operations on behalf of a set of other VMs. The technique further involves imposing, by the processing circuitry, a requirement that all access between the security module VM and the set of other VMs occur through the virtual machine monitor to isolate and protect the security module VM against tampering.