Cloud Security

Fundamental Cloud Security Part 16 – Encryption in Public Cloud Services

In a previous post we explained the basic concepts of encryption. In this post we will focus on the encryption and cryptography services offered by the major public cloud vendors:

AWS

  • AWS Key Management Service (KMS) – a managed service for creating, storing and using both symmetric and asymmetric encryption keys, either generated by AWS or imported as customer-managed key material.

  • AWS CloudHSM – a hardware security module (HSM) for managing encryption keys, offered as an AWS managed service, for use cases where a regulatory requirement or highly sensitive data demands that keys be protected in FIPS 140-2 Level 3 validated hardware.

  • AWS Secrets Manager – a managed service for encrypting, storing and retrieving credentials for databases and other services, including automatic secret rotation.

  • AWS Certificate Manager – a managed service for creating and managing SSL/TLS certificates for public websites and web applications.

  • AWS Certificate Manager Private Certificate Authority – a managed service for creating a private PKI (public key infrastructure) for issuing and revoking digital certificates.

Microsoft Azure

  • Azure Key Vault – a managed service for creating, storing and retrieving secrets (passwords, tokens, etc.), encryption keys and SSL/TLS certificates.

  • Azure Dedicated HSM – a hardware security module for managing cryptographic keys in dedicated hardware, for use cases where a regulatory requirement or highly sensitive data demands that keys be protected in FIPS 140-2 Level 3 validated hardware.

Google Cloud Platform

  • Google Cloud KMS (Key Management Service) – a managed service for creating, storing and retrieving symmetric and asymmetric encryption keys and secrets (access keys, passwords, etc.).

  • Google Cloud HSM – a hardware security module for managing cryptographic keys in dedicated hardware, for use cases where a regulatory requirement or highly sensitive data demands that keys be protected in FIPS 140-2 Level 3 validated hardware.

Oracle Cloud

  • Oracle Break Glass – a managed service for Oracle applications (such as Oracle HCM, Oracle ERP and Oracle CRM) providing full database encryption (TDE).

  • Oracle Key Vault – a managed service for creating, storing and retrieving encryption keys for Oracle Database (TDE), Java keystores, credential files, etc.

  • Oracle Cloud Key Management – a hardware security module for managing cryptographic keys in dedicated hardware, for use cases where a regulatory requirement or highly sensitive data demands that keys be protected in FIPS 140-2 Level 3 validated hardware.

About the author

Eyal Estrin, cloud architect.
