AWS CloudHSM

  • AWS CloudHSM provides secure cryptographic key storage to customers by making hardware security modules (HSMs) available in the AWS cloud
  • AWS CloudHSM helps meet corporate, contractual and regulatory compliance requirements for data security by using dedicated HSM appliances within the AWS cloud.
  • A hardware security module (HSM)
    • is a hardware appliance that provides secure key storage and cryptographic operations within a tamper-resistant hardware module.
    • are designed with physical and logical mechanisms, to securely store cryptographic key material and use the key material without exposing it outside the cryptographic boundary of the appliance.
    • physical protections include tamper detection and tamper response. When a tampering event is detected, the HSM is designed to securely destroy the keys rather than risk compromise
    • logical protections include role-based access controls that provide separation of duties
  • CloudHSM allows encryption keys protection within HSMs, designed and validated to government standards for secure key management.
  • CloudHSM helps comply with strict key management requirements within the AWS cloud without sacrificing application performance
  • CloudHSM uses SafeNet Luna SA HSM appliances
  • HSMs are located in AWS data centers, managed and monitored by AWS, but AWS does not have access to the keys
  • AWS can’t help recover the key material if the credentials are lost
  • HSMs are inside your VPC and isolated from the rest of the network
  • CloudHSM provides single tenant dedicated access to each HSM appliance
  • Placing HSM appliances near your EC2 instances decreases network latency, which can improve application performance
  • Only you have access to the keys and operations to generate, store and manage on the keys
  • Integrated with Amazon Redshift and Amazon RDS for Oracle
  • Other use cases like EBS volume encryption and S3 object encryption and key management can be handled by writing custom applications and integrating them with CloudHSM

results matching ""

    No results matching ""