Maureen O'Gara


New AWS Service Pats the Hand of the Standoffish

The way CloudHSM works, customers retain full ownership, control and access to keys and sensitive data

For its latest trick Amazon Web Services has launched CloudHSM so users - pointedly the enterprise - can up their data security and meet compliance requirements by using dedicated, tamper-resistant Hardware Security Module (HSM) appliances within the AWS cloud.

The widgetry actually comes from SafeNet.

Amazon says the CloudHSM service lets customers securely generate, store and manage the cryptographic keys used for data encryption so they're only accessible by the customer.

It recognizes that some applications and data are subject to rigorous contractual or regulatory mandates for managing cryptographic keys, but up till now organizations' only options were to maintain data in on-premises data centers or deploy local HSMs to protect encrypted data in the cloud.

"Unfortunately those options either prevented customers from migrating their most sensitive data to the cloud or significantly slowed application performance."

The way CloudHSM works, customers retain full ownership, control and access to keys and sensitive data while Amazon manages the HSM appliances in close proximity to their applications and data for maximum performance, i.e., cutting down on latency.

CloudHSM can support use cases and applications like database encryption, Digital Rights Management (DRM) and Public Key Infrastructure (PKI) including authentication and authorization, document signing and transaction processing.

The appliances are provisioned inside Amazon's Virtual Private Cloud (VPC) with an IP address the user specifies.

The widgetry is supposed to meet international Common Criteria EAL4+ and US government NIST FIPS 140-2 standards for cryptographic modules.

It'll cost at least $5,000 upfront and $1.88 an hour or about $1,373 a month.

It can take a few weeks to provision more than two appliances.

See http://aws.typepad.com/aws/2013/03/aws-cloud-hsm-secure-key-storage-and-cryptographic-operations.html and http://aws.amazon.com/cloudhsm/.

Maureen O'Gara, the most read technology reporter for the past 20 years, is the Cloud Computing and Virtualization News Desk editor of SYS-CON Media. She is the publisher of the famous "Billygrams" and has been the editor-in-chief of "Client/Server News" for more than a decade. One of the most respected technology reporters in the business, Maureen can be reached by email at maureen(at)sys-con.com or paperboy(at)g2news.com, and by phone at 516 759-7025. Twitter: @MaureenOGara
