Data is a critical asset on today's internet. Despite all the controls in place, even a small lapse can let cyber-fraudsters get at our data. Almost every cloud provider offers some kind of encryption service; in this post you can see how AWS manages encryption.
For background, there are 8 Popular Encryption Methods in general use, but AWS offers only two kinds of encryption service.
Encryption Management in AWS.
In AWS, the encryption basically is managed by AWS Key Management Service and AWS CloudHSM.
The first thing to understand about AWS:
- Encryption in AWS is a managed service.
- All managed services are handled by a third party.
What are Managed Services (Wiki)?
Managed services are the practice of outsourcing the responsibility for maintaining, and anticipating the need for, a range of processes and functions in order to improve operations and cut expenses. It is an alternative to the break/fix or on-demand outsourcing model where the service provider performs on-demand services and bills the customer only for the work done.
AWS Key Management Service.
- AWS Key Management Service (AWS KMS) is a managed AWS service that makes it easy to create and manage encryption keys to encrypt your data across a wide range of AWS services and in your applications.
- As a secure, resilient service, AWS KMS uses FIPS 140-2 validated cryptographic modules, known as hardware security modules (HSMs), to protect your master keys. The Federal Information Processing Standards (FIPS) define the security requirements for cryptographic modules.
AWS Key Management Features.
- Centralized key management
- Integration with other AWS services
- Audit capabilities and high availability
- Custom key store
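To make concrete how an application uses KMS-managed master keys, here is an added example (not from the original post or from AWS): the envelope-encryption pattern, in which the application asks KMS for a data key, encrypts locally, and stores only the wrapped data key, so the master key never leaves the HSM. The KMS client is a constructed in-memory stand-in that mirrors the generate_data_key/decrypt call shapes of boto3, the key alias is a placeholder, and an HMAC-based keystream stands in for AES-GCM so the block runs with the standard library only.

```python
import hmac, hashlib, os, struct

def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in for AES-GCM so the block runs on the standard library only:
    # HMAC-SHA256 in counter mode produces a keystream that is XORed over the data.
    out = bytearray()
    for block, i in enumerate(range(0, len(data), 32)):
        ks = hmac.new(key, nonce + struct.pack(">I", block), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)

class FakeKMS:
    """Constructed stand-in for the boto3 KMS client (same call shapes as
    generate_data_key / decrypt). The master key stays inside this object,
    just as a KMS master key stays inside its HSM."""
    def __init__(self):
        self._master = os.urandom(32)  # never handed to callers
    def generate_data_key(self, KeyId, KeySpec="AES_256"):
        dk, nonce = os.urandom(32), os.urandom(12)
        blob = nonce + _keystream_xor(self._master, nonce, dk)
        tag = hmac.new(self._master, blob, hashlib.sha256).digest()
        return {"Plaintext": dk, "CiphertextBlob": blob + tag, "KeyId": KeyId}
    def decrypt(self, CiphertextBlob):
        blob, tag = CiphertextBlob[:-32], CiphertextBlob[-32:]
        expected = hmac.new(self._master, blob, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            raise ValueError("wrapped data key failed integrity check")
        return {"Plaintext": _keystream_xor(self._master, blob[:12], blob[12:])}

def envelope_encrypt(kms, key_id: str, plaintext: bytes) -> dict:
    """Ask KMS for a fresh data key, encrypt locally, keep only the wrapped
    copy of the data key next to the ciphertext, drop the plaintext key."""
    dk = kms.generate_data_key(KeyId=key_id, KeySpec="AES_256")
    nonce = os.urandom(12)
    body = _keystream_xor(dk["Plaintext"], nonce, plaintext)
    tag = hmac.new(dk["Plaintext"], nonce + body, hashlib.sha256).digest()
    return {"wrapped_key": dk["CiphertextBlob"], "nonce": nonce, "body": body, "tag": tag}

def envelope_decrypt(kms, record: dict) -> bytes:
    """Unwrap the data key through KMS (the only step that touches the master
    key), verify the tag, then decrypt locally."""
    dk = kms.decrypt(CiphertextBlob=record["wrapped_key"])["Plaintext"]
    expected = hmac.new(dk, record["nonce"] + record["body"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, record["tag"]):
        raise ValueError("ciphertext or tag has been modified")
    return _keystream_xor(dk, record["nonce"], record["body"])
```

With a real client, replace FakeKMS() by boto3.client("kms") and key_id by your key ARN or alias; the two application functions stay the same.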
CloudHSM Encryption Management.
AWS CloudHSM offers third-party-validated FIPS 140-2 Level 3 hardware security modules in the AWS Cloud. A hardware security module is a computing device that provides dedicated infrastructure for cryptographic operations.
You can use CloudHSM to support encryption for your application while it runs in your own Amazon Virtual Private Cloud (Amazon VPC). This means that your Amazon Elastic Compute Cloud (Amazon EC2) instances can reach the CloudHSM device quickly while remaining isolated from other networks.
CloudHSM provides both asymmetric and symmetric encryption capabilities. Additionally, you can use the CloudHSM software libraries to integrate applications with the HSMs in your cluster. The libraries include PKCS #11, Sun Java JCE (Java Cryptography Extension), and Microsoft Cryptography API: Next Generation (CNG) providers. Through these libraries, your applications perform their cryptographic operations on the HSMs.