AWS CloudHSM: Changing Cloud Encryption Conversation with HSMs

Last updated: 16 May 2016

Everyone knows that the cloud enables new business models and cost efficiencies over on-premise datacenters. However, enforcing security policies in this architecture presents new challenges and concerns for enterprises. In fact, “cloud security” is the most searched term on Gartner’s site (40% of searches!).

Amazon Web Services knows this is a concern, and frankly a barrier to moving to the cloud. So they’re offering an innovative new solution to enable data security: CloudHSM.

With CloudHSM, customers can put their encryption keys in the AWS cloud while retaining control of their keys. This is possible because the Hardware Security Module (HSM) allows the service provider to manage the HSM’s availability, while only the customer has access to their sensitive keys, ensuring compliance with mandates around the world.

This is a huge step forward in the cloud, and changes the way service providers and organizations will think about and approach the security of cloud environments. Before, any organization that needed encryption keys for cloud applications had to manage those encryption keys on the customer premises, risk placing the keys in a lower-assurance software solution, or trust the cloud provider with the key management.

Most security-conscious customers wouldn’t place the keys in the cloud, either in software or with the cloud provider, due to concerns over security or government data requests. The reality is that most organizations ended up not being able to move those workloads to the cloud.

[Image: AWS CloudHSM. Image courtesy of Amazon Web Services]

The AWS CloudHSM service allows you to protect your encryption keys in an HSM, the SafeNet Network HSM, which is designed and validated to government standards for secure key management.

You can securely generate, store, and manage the cryptographic keys used for data encryption such that they are accessible only by you, and all housed in the AWS cloud instead of your private datacenter.

SafeNet is proud to be part of this innovative solution, and I congratulate my colleagues and counterparts at Amazon Web Services for launching a service that changes the architectural discussion around encryption keys and cloud.

You can learn more about the AWS solution by visiting their web site and reading the blog post. Visit our SafeNet Hardware Security Modules page or download our white paper, HSM: Critical to Information Risk Management, to learn more about HSMs.
