
Summary:

CloudHSM could make regulation-constrained companies and agencies more comfortable entrusting workloads to the Amazon Web Services public cloud.

[Photo: AWS re:Invent. Credit: Barb Darrow]

Amazon Web Services runs on tons and tons of shared hardware. That’s a huge benefit in terms of cost but also spooks customers with strict regulatory requirements that prevent them from running their applications on shared infrastructure.

But now, as Amazon tries to woo these picky customers, it’s trying to replicate some of the perks that come with dedicated, on-premises hardware. That’s what the new CloudHSM service is about. Traditionally, a Hardware Security Module is a dedicated, hardened box for storing keys and running cryptography. Amazon says it can bring that dedicated security to its customers within its infrastructure.


In a Tuesday night blog post, Amazon said CloudHSM:

“brings the benefits of HSMs to the cloud. You retain full control of the keys and the cryptographic operations performed by the HSM(s) you create, including exclusive, single-tenant access to each one. Your cryptographic keys are protected by a tamper-resistant HSM that is designed to meet a number of international and US Government standards including NIST FIPS 140-2 and Common Criteria EAL4+.”

Each CloudHSM provisioned for a customer incurs an upfront, one-time $5,000 fee, followed by a rate of $1.88 per hour (about $1,373 per month). Pricing is here.

Bringing on-prem perks to public infrastructure

Amazon has made progress in offering more enterprise-grade cloud capabilities with its GovCloud services and Virtual Private Cloud capabilities. But still, even some of the biggest AWS customers will only put parts of their workloads on the Amazon cloud. The mission-critical goodies stay on premises or on private clouds.

That’s why Amazon has to become more comfortable with private cloud capabilities — observers say one reason AWS might be building a private cloud for the CIA, as has been reported, is to prove its credibility there. And that’s why we’ll be seeing more services like CloudHSM.

  1. Interesting article,

    The problem for Amazon though is that their systems are open for the US authorities to monitor and look into without notifying the user. That’s what’s really scary with US-based cloud solutions. And that is what prevents companies outside of the US from using this kind of service.

    /Mathias
    CEO CloudMe

    1. You’re right (hi Mathias), I may follow up on this.

      1. If the end user encrypts their data in transit and at rest, and maintains control of their encryption keys, then any government request/subpoena for the data, without involving the end user, would simply result in a bunch of encrypted data.