The reaction from the average IT architect is to just select another vendor that provides yet another closed-source, blackbox hardware security solution, backdoored by who know which government(s) &| other entities. Open source hardware is (un)fortunately a necessary requirement (verilog/vhdl, firmware sources and no blackbox SoCs), samples of which are periodically verified by destructive and nondestructive means. Very, very costly, but doable and raises confidence.