Cloud // Infrastructure as a Service
News
3/26/2013
11:57 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Amazon CloudHSM Aims To Ease Security Worries

Amazon Web Services adds security appliance to keep encryption keys out of common infrastructure, help public cloud users comply with strict compliance regulations.

10 Tools To Prevent Cloud Vendor Lock-in
10 Tools To Prevent Cloud Vendor Lock-in
(click image for larger view and for slideshow)
Amazon Web Services (AWS) is adding a single-tenant, secure hardware cloud appliance to its usual software services to give customers an extra-secure method of storing encryption keys, issuing digital signatures and executing digital rights management in compliance with strict regulations.

AWS CloudHSM uses Safenet's Luna-SA appliances. AWS is making them available in EC2 only to Virtual Private Cloud customers, who access their virtual servers over virtual private networks and use other security precautions. The appliance is given an IP address within the virtual private cloud and is accessible only to the customer contracting for it, even though Amazon monitors it and ensures that it remains up and running.

The availability of a hardware security module (HSM) inside Amazon's EC2 allows a cloud user to store a cryptographic key, digital signature, digital rights, etc. in the cloud instead of having to maintain them on premises and upload them to an application in the cloud when they're needed. The latter inevitably slows performance and adds to the time needed to get work done.

The appliance is an Ethernet device that is tamper-resistant and can call up and use a cryptographic key without exposing it outside the device's boundaries. AWS CTO Werner Vogels considered the hardware addition significant enough to alert his thousands of Twitter followers. Noting virtual private clouds already come with security protection measures, he referred followers to an AWS blog post that said rigorous contractual or regulatory requirements in some cases require "additional protection."

[ What will it take for users to feel safe in a public cloud? Public Cloud Concerns Remain Strong: Survey. ]

When it came to security keys themselves, "Until now, organizations' only options were to maintain data in on-premises datacenters or deploy local HSMs to protect encrypted data in the cloud. Unfortunately, those options either prevented customers from migrating their most sensitive data to the cloud or significantly slowed application performance," AWS said in its blog post.

Amazon released a whitepaper this month describing its existing AWS security measures.

An Amazon FAQ suggested CloudHSM would be good for encrypting databases in the cloud, storing the keys of public key infrastructure, authentication and authorization, document signing, digital rights management, and transaction processing.

Amazon will charge a one-time fee $5,000 to set up the CloudHSM and $1.88 per hour or $1,373 per month on average thereafter until the CloudHSM is terminated. As usual with a new service, it is available only in AWS's U.S. East data center in Ashburn, Va. in the U.S., and at its Dublin, Ireland, facility in Europe. Amazon did not say whether CloudHSM would also become available in its other regional centers in the U.S. or around the world.

Comment  | 
Print  | 
More Insights
Multicloud Infrastructure & Application Management
Multicloud Infrastructure & Application Management
Enterprise cloud adoption has evolved to the point where hybrid public/private cloud designs and use of multiple providers is common. Who among us has mastered provisioning resources in different clouds; allocating the right resources to each application; assigning applications to the "best" cloud provider based on performance or reliability requirements.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - September 17, 2014
It doesn't matter whether your e-commerce D-Day is Black Friday, tax day, or some random Thursday when a post goes viral. Your websites need to be ready.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.