AWS has just released CloudHSM, which stands for Cloud Hardware Security Modul.
Companies that required their data to be encrypted before it was stored into AWS S3 or any other service needed to manage the encryption keys themselves. These keys were usually stored on-premise, making it difficult to coordinate with AWS data and applications. Performance was also affected because AWS requires that AWS applications contact on-premise services in order to use these keys.
You can enter AWS CloudHSM to solve some of these problems. HSM is a dedicated hardware device that stores cryptography encryption keys and decryption key. First, a Virtual Private Cloud subnet must be created. Then a HSM will be provisioned in that subnet. Applications in that VPC can then use the HSM device via the ip-address assigned to that HSM. This will eliminate the need to store cryptograpic keys locally, which will make the application completely cloud-based and reduce the latency for cloud applications to access it.
The device is very expensive at USD 5,000 for a single device. It is also expensive at $1.88 an hour. It is a service that is best suited for large and medium-sized companies. We would love it if this service could be offered as a pay-per-use service so that startups and smaller organizations could try it.
More information on this service: https://aws.amazon.com/cloudhsm/
CloudHSM (Hardware Safety Module) Launched by AWS
