Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cloud Security

Amazon Offers Appliance-based Encryption Key Management Solution

Amazon’s latest security offering provides Amazon Web Services (AWS) customers with a separate appliance to securely store encryption keys, issue digital certificates, and manage cryptographic keys used for data encryption.

Amazon Web Services Logo

Amazon’s latest security offering provides Amazon Web Services (AWS) customers with a separate appliance to securely store encryption keys, issue digital certificates, and manage cryptographic keys used for data encryption.

Amazon Web Services Logo

With the new Amazon offering, called AWS CloudHSM, customers can store their encryption keys in a dedicated Luna SA appliance from SafeNet, Jeff Barr, chief evangelist for Amazon Web Services, said on the AWS blog. Available within Amazon EC2, CloudHSM (HSM is short for Hardware Security Module) is available as an appliance within the company’s Virtual Private Cloud. Amazon can manage the physical appliance, but cannot access anything stored within the appliance.

Up until now, companies who needed to retain control over their keys had to keep their most sensitive data on-premise or deploy physical appliances to manage the keys. If the data was in the cloud and the keys were stored locally, performance was slow because of network latency to decrypt and encrypt the data. With CloudHSM, customers now have access to a dedicated hardware security module in the cloud, Amazon said.

Free Resource: Aberdeen Research: Encryption, Without Tears

AWS CloudHSM

“With AWS CloudHSM, customers maintain full ownership, control and access to keys and sensitive data while Amazon manages the HSM appliances in close proximity to their applications and data for maximum performance,” Amazon said.

The new service can be used to support “a variety of use cases and applications,” such as database encryption, digital rights management, and public key infrastructure, Amazon said. PKI includes authentication and authorization, document signing, and transaction processing. CloudHSM targets customers subject to stringent regulatory, corporate, and contractual requirements to apply additional layers of data security.

“Some of our customers are in situations where contractual or regulatory needs mandate additional protection for their keys,” Barr said.

The Luna SA appliance has a tamper-resistant enclosure and can use the stored cryptographic key without exposing it outside the device. CloudHSM customers receive a single-tenant access to each Luna SA appliance, which appears as a network resource in Amazon’s Virtual Private Cloud. VPC customers access their virtual servers over virtual private networks and employ other layers of security.

Advertisement. Scroll to continue reading.

Customers can create and manage cryptographic keys, create user accounts, and perform cryptographic operations using those accounts, Amazon said.

“You can securely generate, store, and manage the cryptographic keys used for data encryption such that they are accessible only by you,” Barr promised, adding, “We do not have access to your keys; they remain under your control at all times.”

CloudHSM costs $5,000 upfront and $1.88 per hour for as long as the customer owns the appliance. That averages out to about $1,373 per month. Network data transfers in and out of each unit exceeding 5000GB per month will incur an additional charge of $0.02 per GB. While there is no additional charge for using the VPC, enterprises connecting via hardware VPN gateway will be charged $0.05 per hour.

The service is available for two of Amazon’s data center hubs, US East (Northern Virginia), and EU West (Ireland) and the plan is to slowly expand to include other Amazon data centers around the world based on customer demand.

ResourceIs Your Enterprise Managing Certificates? Three Reasons It Should Be.

Resource: Aberdeen Research: Encryption, Without Tears

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization's data security and resilience.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Former Darktrace CEO Poppy Gustafsson has joined the UK government as Minister for Investment.

Nupur Goyal has joined cloud identity security and management solutions provider Saviynt as VP of Product Marketing.

Threat intelligence firm Intel 471 has appointed Mark Huebeler as its COO and CFO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.