Amazon’s CloudHSM, a Step in the Right Direction

March 27, 2013 | Gavin Hill

Earlier this week, Amazon Web Services announced its new CloudHSM offering. Essentially, the service is a Luna SA appliance offered by SafeNet for each tenant, and it can take at least two days to provision once ordered. The cryptographic assets are not accessible to AWS: AWS holds the admin credentials, while the customer keeps both the HSM Admin and HSM Partition Owner credentials.

You can choose from multiple availability zones in the US East and EU West regions. CloudHSM is meant specifically for use in the AWS Virtual Private Cloud (VPC).

Amazon CloudHSM

Ref: AWS CloudHSM

The addition of AWS CloudHSM is a welcome evolution in making the cloud more secure. However, it still leaves many problems. According to a recent Ponemon Institute publication about the “Cost of Failed Trust”, the average Global 2000 organization has in excess of 17,000 encryption keys and certificates spread across its network. That network spans from the enterprise’s datacenter into virtual private clouds, such as the AWS offering, and mobile devices.

Organizations need to be wary of siloed management of encryption keys and certificates. CloudHSM is only available for AWS Virtual Private Cloud workloads, which creates separate silos of key and certificate management for your AWS deployment, your datacenter deployment and your mobile devices. You need to implement a centralized key management solution in order to gain full visibility into your entire key and certificate inventory.

The only key difference between using an HSM on-premises and using the AWS CloudHSM is the location of the HSM. You still need to be able to manage your entire key and certificate inventory, and CloudHSM is not going to provide you with this.

Make sure you deploy a key and certificate management platform that, from a single pane of glass, can manage the encryption keys stored within the HSM, be it AWS CloudHSM or a locally installed one. Venafi Encryption Director manages any key, any certificate, anywhere.
