Amazon is plugging ultra-secure key management appliances into its cloud to calm enterprise security admins while locking them into its way of doing things. The AWS CloudHSM Service lets cloud customers that need to follow stringent data regulations move secure data into AWS by giving them access to dedicated hardware security …
As with all Amazon launches, this technology is designed [...] to lock customers further into AWS.
That's a rather negative view, isn't it ? As you say in the next sentence:
Not only does the feature not exist on other clouds...
Amazon are offering a service that no-one else provides ! You could turn the whole negativitey around and say that Amazon are developing extra services to attract new customers and to help keep existing customers by differentiating themselves from the comptetion.
Sure, someone might come along and do it differently (Better or cheaper), but Isn't this how competition works ?
I'd be happier if the crypto were on my premises, with the keys under my control.
Clearly not the only solution
There are solutions out there that stop the vendor lock in, I know of an encryption solution (at rest and motion to FIPS/140/2) this works in AWS and across most other CSPs, allows 3rd party management of the Key Server, i.e. NOT the CSP and meets the usual compliance, standards and equally importantly demonstrates best practice.
How is this lock-in? AWS is using a common third party hardware device and the third party APIs. The AWS hosted HSMs can replicate the keys to on-premise HSMs - easy to export your keys back out of AWS. That seems to be the definition of Open, not Lock In.
VPC is simply a virtual networking environment. The HSM has an IP address on the network - applications address the HSM via IP address or DNS Hostname. Open industry standards. Not seeing how this is lock in.
- Twitter: La la la, we have not heard of any NUDE JLaw, Upton SELFIES
- China: You, Microsoft. Office-Windows 'compatibility'. You have 20 days to explain
- Is that a 64-bit ARM Warrior in your pocket? No, it's MIPS64
- Apple to devs: NO slurping users' HEALTH for sale to Dark Powers
- Apple 'fesses up: Rejected from the App Store, dev? THIS is why