Amazon Web Services' latest push towards security and compliance: CloudHSM

We are getting used to the fast pace of innovation and new tools brought by Amazon Web Services (AWS), but this week's CloudHSM announcement was a surprise. So, you do not trust AWS to store your keys, and keeping them outside adds complexity and impacts performance? You want to use AWS, but you have critical and confidential data and you need to comply with security standards? CloudHSM is the answer to these questions.

A Hardware Security Module (HSM) is like a (big) smartcard that is certified and physically protects your keys. When it detects an attack, the first thing the HSM does is erase the keys in a secure manner.

The idea of providing HSM as a Service is very innovative, thank you AWS! Nevertheless, these kinds of toys do not come cheap, and key management (rotation and revocation, to give just two examples) is always a tricky issue. We look forward to testing it and to including CloudHSM in our reference architectures in AWS!
