Why Your Cloud Service Might Need Hardware Security Modules

Storing business data in a public cloud service requires it to be highly secured. If you don't want to rely on a simple password arrangement, a hardware security module (HSM) might be the answer.


An HSM manages the digital cryptographic keys used to log into systems, providing an added layer of security. Integrating an HSM into a public cloud infrastructure can be tricky, since customers typically don't have direct access to the hardware and integration can be fiddly.

That doesn't mean it's impossible, however. Amazon Web Services offers a CloudHSM service for organisations that need the additional security of an HSM system. It isn't offered in every region Amazon operates, but Sydney is one of the four where it is available.

It isn't cheap, however: there's an up-front $US5000 fee to set up access, and then you'll pay $US2.24 per hour while it's in use. Running for a full year will cost you $US24,622.40.

Microsoft is also planning a similar option for Azure later this year. "Azure is going to provide a key management service where you can bring your own keys and store them in HSMs," Krishna Anumalasetty, principal program manager for Azure, said during a presentation at TechEd US earlier this year.

"That's coming in the future. Microsoft will not have access to the data or the keys in HSMs. That way you feel secure and you have a lot more control over who can decrypt that data."

How you connect the HSM will depend on your business needs and the technologies you choose. "Depending on the authentication method the HSM works with, you would need ExpressRoute or a VPN to connect to your on-premises HSM," Anumalasetty said.

"When Azure provides HSM in future, that will simplify key management. Microsoft has tested this with some of the HSMs and there will be a white paper on how this works soon."


Comments

    You could always use a service like Symantec MPKI that has been doing HSMs and key management in the cloud since 1995. I've architected quite a few systems using this.

    Considering so many benefits, I am all for this hardware security module despite the fact that it’s not cheap. I like the idea of Microsoft not having access to your data or keys within the module. Another advantage that businesses are going to have with these HSMs is that they can connect depending upon their needs and choice of different technologies.
