Amazon Web Services’ (AWS) newly launched managed encryption service has come under fire from data security specialists who warn that its weaknesses could make the journey to encryption enlightenment a lot slower for its customers.
The new CloudHSM (cloud hardware security modules) service offers physical devices that handle the creation and management of cryptographic keys. Though this isn’t a new concept in the industry, it is to AWS and some critics say the lack of experience shows.
Security specialist Colin Tankard, MD of Digital Pathways, welcomed the endorsement that Amazon has given the data security market, but expressed concern about the leadership it could take.
“It is good to see a major brand such as Amazon jump on the bandwagon of data security,” said Tankard, “We really do need to take this whole area far more seriously in this country.”
Tankard’s mood darkened when he moved onto the cloud computing operator’s security credentials, however, as he outlined several weaknesses that the security channel could take the opportunity to address.
“Amazon still holds the key and the data so there’s no separation of duties within the organisation,” he said.
There is separation within the HSM, he conceded, but, since this is built and torn down by Amazon, it will not offer nervous businesses any reassurance about their data. He argued: “Who is to say they [Amazon] can’t retrieve the key when you stop their HSM service?” said Tankard. By this, he did not mean that AWS was untrustworthy but security should leave no loopholes for disgruntled employees, government regulations, or the possibility of penetration by hackers.
The full version of this story is on Channel Biz.
Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector
Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…
Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…
Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…
Explore the future of work with the Silicon In Focus Podcast. Discover how AI is…
Executive hits out at the DoJ's “staggering proposal” to force Google to sell off its…