AWS intros hardware app to ensure security over its cloud

Deepa
BANGALORE, INDIA: Amazon Web Services, the cloud arm of Amazon Inc., has added a new 'powerful' security option, the AWS CloudHSM service, which will help customers to meet strict requirements for key management without sacrificing application performance.

It is aimed at customers whose contractual or regulatory requirements mandate additional protection for their keys, notes AWS chief evangelist Jeff Barr in a blog post.

HSM, or Hardware Security Module, is a piece of hardware - a dedicated appliance that provides secure key storage and a set of cryptographic operations within a tamper-resistant enclosure.

"You can store your keys within an HSM and use them to encrypt and decrypt data while keeping them safe and sound and under your full control. You are the only one with access to the keys stored in an HSM. The AWS CloudHSM service brings the benefits of HSMs to the cloud. You retain full control of the keys and the cryptographic operations performed by the HSM(s) you create, including exclusive, single-tenant access to each one. Your cryptographic keys are protected by a tamper-resistant HSM that is designed to meet a number of international and US Government standards including NIST FIPS 140-2 and Common Criteria EAL4+," added Barr while describing the functionality of the new security feature.

Each CloudHSM has an IP address within Amazon Virtual Private Cloud (VPC). Users will receive administrator credentials for the appliance, allowing them to create and manage cryptographic keys, create user accounts, and perform cryptographic operations using those accounts. Even AWS does not have access to these keys, and they remain under users' control at all times.

The appliances run version 5 of the Luna SA software. Once AWS CloudHSM is provisioned, users can access it through a number of standard APIs including PKCS #11 (Cryptographic Token Interface Standard), the Microsoft Cryptography API (CAPI), and the Java JCA/JCE (Java Cryptography Architecture / Java Cryptography Extensions).

AWS CloudHSM is now available in multiple Availability Zones in the US East (Northern Virginia) and EU West (Ireland) Regions. Amazon plans to introduce it in other regions in 2013, based on customer demand. The CloudHSM service will be available for a one-time upfront fee of $5,000 per HSM, or an hourly rate of $1.88 per hour or $1,373 per month on average.
