At a conference recently, I heard a speaker make a reference to cloud-based key management via a hardware security module, or HSM. What is an HSM? How do I know whether I need one, given all the other cloud security options we use?
The short answer is, if you haven't heard much about HSMs, you probably don't need one for information security -- at least, not yet. You can find plenty of other easier and cheaper options to secure your data.
HSMs are dedicated hardware systems designed specifically to store and manage private and public keys, such as the keys behind Secure Sockets Layer (SSL) certificates. Among the best-known HSM offerings is Amazon Web Services CloudHSM, which works inside the AWS cloud. AWS describes CloudHSM as a service that "allows customers to securely generate, store and manage cryptographic keys used for data encryption in a way that keys are accessible only by the customer."
These systems are useful if you need to run digital rights management or a public key infrastructure. They can also provide high levels of security for products that require it, particularly to ensure regulatory compliance.
But that's much more security than you need for most typical projects. Unless you are working with information such as classified government data or confidential medical information, or you are building identity systems, you probably don't need an HSM.