Amazon Web Services gets a hardware security module, but resellers say there is still more to do
Amazon Web Services’ (AWS) newly launched managed encryption service has come under fire from data security specialists who warn that its weaknesses could make the journey to encryption enlightenment a lot slower for its customers.
The new CloudHSM (cloud hardware security modules) service offers physical devices that handle the creation and management of cryptographic keys. Though this isn’t a new concept in the industry, it is to AWS and some critics say the lack of experience shows.
Security specialist Colin Tankard, MD of Digital Pathways, welcomed the endorsement that Amazon has given the data security market, but expressed concern about the leadership it could take.
Key under the mat
“It is good to see a major brand such as Amazon jump on the bandwagon of data security,” said Tankard. “We really do need to take this whole area far more seriously in this country.”
Tankard’s mood darkened when he moved onto the cloud computing operator’s security credentials, however, as he outlined several weaknesses that the security channel could take the opportunity to address.
“Amazon still holds the key and the data so there’s no separation of duties within the organisation,” he said.
There is separation within the HSM, he conceded, but, since the HSM is built and torn down by Amazon, it will not offer nervous businesses any reassurance about their data. “Who is to say they [Amazon] can’t retrieve the key when you stop their HSM service?” he argued. By this he did not mean that AWS was untrustworthy, but that security should leave no loopholes for disgruntled employees, government regulations, or the possibility of penetration by hackers.
The full version of this story is on Channel Biz.