Amazon takes aim at security conscious enterprises with new appliance

Grazed from InfoWorld. Author: Mikael Ricknäs.

In a bid to improve data security, Amazon Web Services (AWS) has launched AWS CloudHSM, which uses a separate appliance to protect cryptographic keys used for encryption. There are already a variety of alternatives for protecting sensitive data on Amazon’s cloud. But for some applications and data that are subject to contractual or regulatory mandates for managing cryptographic keys, additional protections may be necessary. Here is where the CloudHSM (Hardware Security Module) fits in, according to Amazon.

Until now, organizations’ only options were to keep data locally or to deploy equipment in-house to protect encrypted data in the cloud, which has a negative impact on application performance, it said. The service is powered by a Luna SA appliance from SafeNet that has a tamper-resistant enclosure. An enterprise can store its keys on the unit and use them to encrypt and decrypt data, while having full control, according to Amazon. Potential applications include database encryption, authentication and authorization, document signing, and transaction processing…

Applications can be integrated using APIs such as Java JCA/JCE (Java Cryptography Architecture/Java Cryptography Extensions). When an enterprise signs up for the service they receive single-tenant access to each appliance. The appliance appears as a network resource in a Virtual Private Cloud (VPC). Amazon has administrative credentials to the appliance, but those can only be used to manage the appliance. The separation of duties and role-based access control is a key part of the SafeNet Luna SA, according to Amazon…

Read more from the source @ http://www.infoworld.com/d/cloud-computing/amazon-takes-aim-security-conscious-enterprises-new-appliance-215310