I have to admit to never having asked, or been asked, the question if it is possible to have a Hardware Security Module in a public cloud, by which I mean Google, Amazon or Azure. 有沒有人找到使組織能夠完全管理HSM的技術？
在我看來，雲和HSM這兩個概念在根本上彼此不一致 - 因為雲通常涉及“外包”或將操作硬件的風險轉移到雲服務提供商。
- Azure KeyVault: Use Key Vault and you don’t need to provision, configure, patch and maintain HSMs and key management software. Provision new vaults and keys (or import keys from your own HSMs) in minutes and centrally manage keys, secrets and policies.
- AWS CloudHSM: AWS CloudHSM is a cloud-based hardware security module (HSM) that enables you to easily generate and use your own encryption keys on the AWS Cloud. With CloudHSM, you can manage your own encryption keys using FIPS 140-2 Level 3 validated HSMs.
- Cloud Key Management (Google): Cloud KMS is a cloud-hosted key management service that lets you manage encryption for your cloud services the same way you do on-premises. You can generate, use, rotate and destroy AES256 encryption keys. Cloud KMS is integrated with IAM and Cloud Audit Logging so that you can manage permissions on individual keys, and monitor how these are used. Use Cloud KMS to protect secrets and other sensitive data which you need to store in Google Cloud Platform.
- Various Security Appliances available in all of the cloud marketplaces.