
Amazon’s CloudHSM, a Step in the Right Direction

March 27, 2013 | Gavin Hill

Earlier this week Amazon Web Services announced its new CloudHSM offering. Essentially, the service is a SafeNet Luna SA appliance provided for each tenant, and it can take at least two days to provision once ordered. The cryptographic assets are not accessible to AWS: AWS holds the admin credentials, while the customer keeps both the HSM Admin and HSM Partition Owner credentials.

You can choose from multiple availability zones in the US East and EU West regions. The CloudHSM is meant specifically for use in the AWS Virtual Private Cloud (VPC).

Amazon CloudHSM

Ref: AWS CloudHSM

The addition of the AWS CloudHSM is a welcome evolution in making the cloud more secure. However, it still leaves many problems. According to a recent Ponemon Institute publication on the “Cost of Failed Trust”, the average Global 2000 organization has in excess of 17,000 encryption keys and certificates spread across its network, a network that spans the enterprise's datacenter, virtual private clouds such as the AWS offering, and mobile devices.

Organizations need to be wary of siloed management of encryption keys and certificates. The CloudHSM is only available for AWS Virtual Private Cloud workloads, which creates separate silos of key and certificate management for your AWS deployment, your datacenter deployment and your mobile devices. You need to make sure you implement a centralized key management solution in order to gain full visibility into your entire key and certificate inventory.

The only key difference between using an HSM on-premise and using the AWS CloudHSM is the location of the HSM. You still need to be able to manage your entire key and certificate inventory, and the CloudHSM is not going to provide you with this.

Make sure you deploy a key and certificate management platform that can manage, from a single pane of glass, the encryption keys stored within the HSM, be it AWS CloudHSM or a locally installed one. Venafi Encryption Director manages any key, any certificate, anywhere.
