In the eyes of many enterprises, the public cloud is a dangerous landscape of shared hardware, a virtual Mogadishu of regulatory compliance, and the last place a sane company would look to store sensitive data.
Amazon Web Services is looking to change this perception with CloudHSM (Hardware Security Module), a service unveiled Tuesday that gives customers access to a dedicated Luna SA HSM appliance from SafeNet, a Belcamp, Md.-based security vendor, running in an Amazon data center.
CloudHSM gives users access to "secure key storage and a set of cryptographic operations within a tamper-resistant enclosure," Amazon said in a Tuesday blog post. "You can store your keys within an HSM and use them to encrypt and decrypt data while keeping them safe and sound and under your full control. You are the only one with access to the keys stored in an HSM."
The Luna HSMs are built to meet U.S. and international security standards such as NIST FIPS 140-2 and Common Criteria EAL4+, and customers have "exclusive, single-tenant access to each one," Amazon said in the blog post. " We do not have access to your keys; they remain under your control at all times."
Amazon is dominating the public cloud IaaS space, but rivals are zeroing in on security fears to lure customers away from its low-cost charms. VMware earlier this month revealed plans to operate and manage its own public cloud service through partners, and it's sure to use promises of stronger security to lure customers. With CloudHSM, Amazon is looking to set a higher security bar.
Amazon's CloudHSM service is now available in multiple availability zones in the U.S. East (Northern Virginia) and EU West (Ireland) regions, and the vendor said it will be rolling out the service to other regions "based on customer demand."
Customers pay an up-front fee of $5,000 per HSM, along with an hourly charge of what is currently running at an average of $1.88 per hour -- $1,373 per month -- in the U.S. East region, Amazon said in the blog post.
PUBLISHED MARCH 29, 2013