Friday, October 25 • 3:00pm - 3:45pm
Why CloudHSM can Revolutionize AWS


When it comes to the cloud, the traditional mindset of many IT leaders and security analysts who deal with highly sensitive data can be summed up as "we do not trust them".

The reason is not so much insufficient security controls on the cloud providers' side as it is uncertainty, cloud consumers' lack of knowledge of and control over the security policies and processes the providers implement, and the providers' reluctance to accept any legal liability or commit to SLAs for customers' cloud deployments.

The first obvious suggestion for making the risk manageable is to encrypt everything in transit and at rest with cryptographic keys that are not accessible to "them".

Implementation might be challenging, though, because it is not clear how to make the keys inaccessible to "them". A Cloud HSM solution looks like a good choice, since by design the cloud provider's employees do not have access to the contents of partitions created by customers.

The lack of automation and the manual HSM setup process are further challenges that must be resolved to make the appliances compliant with the principle of cloud automation. HSM setup automation tools have been created and are described in this presentation.

Yet another challenge in making Cloud HSM work securely is passing HSM credentials (partition-level PINs, private certificate) from an internal data center to the cloud. This can be done through a credential-less EC2 instance validation process, which this talk covers as well.


Todd Cignetti

Sr. Product Manager, Security, Amazon Web Services
Product leader in security at Amazon Web Services. Previous experience with network encryption and key management at Certes Networks, and file/folder and point-to-point encryption at BitArmor/Trustwave. B.S. in Computer Engineering from Carnegie Mellon University and M.S. in Computer Science from Duke University.

Oleg Gryb

Sr. Manager, Security Engineering, Samsung Strategy and Innovation Center
Oleg Gryb is a Sr. Manager working in the application security domain at Samsung Strategy and Innovation Center. He was previously a Security Architect at Intuit, where he created application and security architecture for financial and business applications processing highly sensitive data. Oleg actively participates in creating open source software in security, identity management and other domains. He has a lot of passion around embedding...

Friday October 25, 2013 3:00pm - 3:45pm
21CT Room Norris Conference Center, 2525 W. Anderson Lane, Suite 365, Austin, Texas 78757
