Amazon Is Making Its Cloud More Secure Using Cryptography In CloudHSM2 min read
The cloud is getting bigger and better over time in providing quality services to users across the globe; however many people are still worried because of the rising security concerns. Therefore to continue growing, cloud vendors need to change this perception, and take note of the security issues.
Amazon, a bigger name in cloud services industry has stepped forward to combat with the rising security concerns, and has recently come up with a secure Safenet’s Luna-SA appliance for its cloud. The new service Hardware Security Module or CloudHSM will offer Amazon’s cloud customers to create and manage encryption keys for the security of their data on the cloud.
Initially the service will be accessible only for Amazon’s Virtual Private Cloud customers, but soon it will be made available to Amazon’s users across the globe. For customers on Virtual Private Cloud employing services of virtual servers over virtual private networks, Amazon has allotted an IP address to the appliance, allowing its accessibility to contracted customers only. It will keep monitoring the service to ensure its proper functioning.
In a blog post, AWS chief evangelist Jeff Barr wrote, “Some of our customers are in situations where contractual or regulatory needs mandate additional protection for their keys,” He further said, “The CloudHSM service helps these customers to meet strict requirements for key management without sacrificing application performance.”
Amazon’s new hardware security module will offer its customers a more secure way of keeping cryptographic keys, digital signature and rights on the cloud when needed, without maintaining it on-site or uploading it on cloud. The new key management system will facilitate businesses to get their data on the cloud more quickly and safely.
Amazon Web Services mentioned in a blog post that until now Amazon’s only option is to protect the data either on its own datacenters or to set out local HSMs to guard encrypted data in the cloud, but in any case it will restrict and prevent the customers from transferring their important data on to the cloud, thus affecting the performance of applications significantly.
In a FAQ, Amazon explained the usability of its new CloudHSM in encrypting databases, management of digital rights, public key infrastructure for authentication and authorization, document signing and transaction processing. The CloudHSM also supports PKCS#11, MS CAPI, and Java JCA/JCE APIs.
The HSM confirms the US and internationally defined standards for cryptographic modules, and allows storing of keys across several CloudHSMs in many datacenters or continental regions, and even lets keys sharing between the organization’s on-site services and the cloud.
The customers can avail services by renting the CloudHSM on hourly or monthly basis. Though it is managed and monitored by AWS, customers will have administrative rights on their owned partition within the CloudHSM, and need to pay $5,000 per month or $1.88 per hour, while for data transfer of more than 5 TB in and out of service; they will be charged $.02/GB on a monthly basis by Amazon.