At a conference recently, I heard a speaker make a reference to cloud-based key management via a hardware security module, or HSM. What is an HSM? How do I know whether I need one, given all the other cloud security options we use?
The short answer is, if you haven't heard much about HSMs, you probably don't need one for information security -- at least, not yet. You can find plenty of other easier and cheaper options to secure your data.
HSMs are dedicated hardware systems specifically designed to store and manage private and public keys, such as those used with Secure Sockets Layer (SSL) certificates. Among the best-known HSM offerings is Amazon Web Services CloudHSM, which works inside the AWS cloud. AWS describes CloudHSM as a service that "allows customers to securely generate, store and manage cryptographic keys used for data encryption in a way that keys are accessible only by the customer."
These systems are useful if you need to run digital rights management or a public key infrastructure. They can also provide high levels of security for products that require it, particularly to ensure regulatory compliance.
But that's much more security than you need for most typical projects. Unless you are working with information such as classified government data or confidential medical information, or building identity systems, you probably don't need an HSM.