But the majority of people don't need that much HSM. And that's the interesting problem I see with this: the enterprise can afford it, but is going to be wary of using a cloud provider for this sensitive of data; and it's outside the budget of most startups. There is probably a tier in the middle, though, that Amazon expects will happily use the product.
If you're using an HSM for full DAR of your servers, you need all the H/A you can get. If that HSM is down, you can't boot your systems, period. If that HSM crashes or is destroyed, you potentially lose everything.
You're paying for way more than latency reduction. You're also eliminating the overhead of buying, provisioning, supporting, etc. the whole system (which is definitely not pain free).
The latency reduction is a nice added benefit, but it's definitely not the main one. Where are you even going to put your $5k HSM? In your $50k colo cage? Under your desk and route out via your home cable modem?
I don't understand the question? What evidence do you need? That a colo cage can be $50k/yr? Call Equinix and ask for some dedicated space.
Who's going to go through the trouble of buying and deploying full DAR with an HSM of their own, and then put it in a common shared hosting environment instead of a dedicated, secure environment?
Disclaimer: I've never been a fan of storing my data on someone else's hard drives, but many others seem to think it's a good idea.
At any rate, how is this more secure? Amazon has physical access to S3 servers, and physical access to these new HSM things. So what exactly is the benefit? Is this just so companies can meet some security compliance regulations while keeping all their data on Amazon's hard drives?
The entire point of HSM is that physical access does not compromise your keys. The keys are not stored on a disk, and if someone tries to pry it open, it will erase its memory. Check out their FAQ:
Their primary feature is tamper-resistant key management. It means you can store your keys in a data centre - where people you don't fully trust may have physical hardware access - yet still have an expectation of security. Something like this is useful whether you use Amazon or a traditional data center.
Yeah it's just compliance. But Amazon having physical access doesn't matter because this level of CIA (confidentiality, integrity, availability) is enforced by Amazon also, by contract.
How can you know that your instance is talking to the real CloudHSM and not a software emulation that can reveal the keys?
At some point Amazon might be forced (by some wiretapping laws, or subpoena) to fake the HSM presented to your instances and give others access to your keys.
Of course, the attack window is considerably reduced: if they want to perform this attack, they have to do it when you initially set up the CloudHSM; they can't replace it later with a fake HSM. But still...
Generally HSMs have manufacturer keys, too, so you'd need to compromise both Amazon and SafeNet (admittedly, both US companies which could be subject to court order...). The weak point is initial provisioning, as you point out.
Fuck, sadly I just talked to SafeNet at their booth at AWS and they don't do this, so you are totally vulnerable to giving keys to a fake HSM, essentially making CloudHSM useless. Unless their booth dudes were misinformed.
Security, performance, and functionality/features.
They're generally FIPS 140-2 level 3 (and a couple are 4), so protected against physical and logical attacks.
Generally they have modexp accelerators and have performance equivalent to a main CPU (they used to be way faster than CPUs...).
Mainly, they have tools for multi-party key management, crypto fill, reset, etc. Some of which can work remotely/over the network, which is the main weakness of the low-end smartcard in this environment.
The entire idea behind HSMs is to reduce the potential for them being hacked. These are FIPS 140-2 Tamper Proof devices. You rarely hear about these being hacked, if ever.
I'm guessing Amazon is counting on people who have large AWS deployments and want a closer HSM. You are paying a lot to reduce latency.