1 Introduction
Amazon Web Services, Inc. (AWS) is a multinational cloud service provider headquartered in Seattle, USA. A subsidiary of the American retail giant Amazon.com, AWS was initially formed to consolidate and standardize the computing infrastructure powering Amazon’s online business. In 2006, the AWS platform was launched officially with the vision of offering on-demand access to this infrastructure to customers on a subscription basis, essentially making the company the first major player in the cloud computing market.
Over a decade later, AWS remains the largest cloud service provider both in terms of its infrastructure footprint and yearly revenue. With 60 availability zones in 20 regions around the world, the company has a massive global presence, serving hundreds of thousands of customers from nearly every country. From its inception, AWS has always had a strong focus on “builders” – skillful and motivated developers looking only for the necessary tools and services to start creating modern applications. For those people, the company offers hundreds of cloud services – ranging from basic infrastructure components to cloud-native development frameworks to advanced technologies like machine learning or even satellite management – at competitive prices.
As organizations increase their adoption of cloud services, the amount of business data transferred, stored and processed in the cloud is growing exponentially, and a substantial part of this data – be it intellectual property, financial transactions or customers’ personal information – can be highly sensitive. Ensuring constant integrity and confidentiality of such information without negatively affecting its availability for business purposes is perhaps the biggest operational, security and compliance challenge for any company. According to the shared responsibility model, data protection in the cloud remains the sole responsibility of customers regardless of the service model.
Despite occasional attempts by certain government agencies to limit the use of data encryption, it remains the most mature, well-established and popular method of protecting data from unauthorized access both at rest and in transit. Most modern storage systems, databases, data streaming and network transfer services, as well as business applications, support encryption natively or through third-party solutions; for cloud services, this is an absolutely crucial requirement.
However, with so many disparate encryption tools in place, the next challenge for enterprises is keeping track of the numerous encryption keys. Enterprise Key and Certificate Management solutions provide a highly secure system for centralized storage of encryption keys, management of their entire lifecycle and monitoring of their usage – both for the symmetric keys commonly used to encrypt data at rest and for the asymmetric keys within Public Key Infrastructures used for network traffic encryption, authentication and digital signatures.
As a cloud service provider, AWS naturally offers native key and certificate management as fully managed, scalable and highly available services that seamlessly integrate with most other AWS services to control encryption of almost any type of data stored in the AWS cloud. Customers can choose between relying on keys automatically managed by AWS or having full control over their own master keys. Either way, a full audit trail of key usage and optional HSM support ensure compliance with the most important government and industry-specific compliance frameworks.
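The audit trail mentioned above is what lets a customer verify, rather than assume, that only the intended principals use a given master key. The following script is an added example, not code from the report or from AWS: it reads CloudTrail-style records of KMS API calls (constructed sample records embedded inline; the account id, key ids and role names are placeholders), summarizes how often each key was used for which operation, and flags data-plane calls (Decrypt, GenerateDataKey and similar) made by principals outside a per-key allowlist, as well as calls that KMS denied. The allowlist format and the `find_policy_violations` function are this example's own design, not an AWS API.

```python
"""Summarize KMS key usage from CloudTrail records and flag unexpected callers.

Added example. CloudTrail records every KMS API call together with the calling
principal (userIdentity) and the key ARN (resources). The events below are
constructed sample records in that layout; account 111122223333, the key ids
and the role/user names are placeholders, not real identifiers.
"""
import json
from collections import Counter, defaultdict

# KMS operations that actually use key material; control-plane calls such as
# DescribeKey or ListKeys are counted in the summary but not policed here.
DATA_PLANE_OPS = {"Encrypt", "Decrypt", "GenerateDataKey",
                  "GenerateDataKeyWithoutPlaintext", "ReEncrypt"}

KEY_1 = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-1"  # placeholder
KEY_2 = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-2"  # placeholder
APP_ROLE = "arn:aws:sts::111122223333:assumed-role/app-role/"   # placeholder

# Constructed sample CloudTrail records (a real trail has many more fields).
SAMPLE_EVENTS = [
    {"eventSource": "kms.amazonaws.com", "eventName": "Decrypt",
     "userIdentity": {"arn": APP_ROLE + "i-0abc"},
     "resources": [{"type": "AWS::KMS::Key", "ARN": KEY_1}]},
    {"eventSource": "kms.amazonaws.com", "eventName": "GenerateDataKey",
     "userIdentity": {"arn": APP_ROLE + "i-0abc"},
     "resources": [{"type": "AWS::KMS::Key", "ARN": KEY_1}]},
    # An IAM user outside the allowlist decrypting with the application key.
    {"eventSource": "kms.amazonaws.com", "eventName": "Decrypt",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/analyst"},
     "resources": [{"type": "AWS::KMS::Key", "ARN": KEY_1}]},
    # A call that KMS refused: CloudTrail records it with an errorCode.
    {"eventSource": "kms.amazonaws.com", "eventName": "Decrypt",
     "userIdentity": {"arn": "arn:aws:sts::111122223333:assumed-role/batch-role/x"},
     "resources": [{"type": "AWS::KMS::Key", "ARN": KEY_2}],
     "errorCode": "AccessDenied"},
    {"eventSource": "kms.amazonaws.com", "eventName": "DescribeKey",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/kms-admin"},
     "resources": [{"type": "AWS::KMS::Key", "ARN": KEY_2}]},
    # A non-KMS event, to show that the filter ignores other services.
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "userIdentity": {"arn": APP_ROLE + "i-0abc"}, "resources": []},
]

# Per-key allowlist of principal ARN prefixes (this example's own format).
ALLOWED_PRINCIPALS = {KEY_1: {APP_ROLE}, KEY_2: set()}


def principal_of(event):
    """Best-effort caller identity; service principals may lack an arn."""
    ident = event.get("userIdentity", {})
    return ident.get("arn") or ident.get("invokedBy") or ident.get("type", "unknown")


def key_arns(event):
    """Key ARNs referenced by the event (a call may touch more than one)."""
    return [r["ARN"] for r in event.get("resources", []) if "key/" in r.get("ARN", "")]


def summarize_key_usage(events):
    """Return {key_arn: {eventName: count}} over all KMS events."""
    usage = defaultdict(Counter)
    for ev in events:
        if ev.get("eventSource") != "kms.amazonaws.com":
            continue
        for arn in key_arns(ev):
            usage[arn][ev["eventName"]] += 1
    return {arn: dict(counts) for arn, counts in usage.items()}


def find_policy_violations(events, allowed=ALLOWED_PRINCIPALS):
    """Flag data-plane calls from unlisted principals and calls KMS denied."""
    findings = []
    for ev in events:
        if ev.get("eventSource") != "kms.amazonaws.com":
            continue
        if ev.get("eventName") not in DATA_PLANE_OPS:
            continue
        who = principal_of(ev)
        for arn in key_arns(ev):
            if "errorCode" in ev:
                reason = "denied:" + ev["errorCode"]
            elif any(who.startswith(p) for p in allowed.get(arn, ())):
                continue
            else:
                reason = "principal not in allowlist"
            findings.append({"key": arn, "principal": who,
                             "event": ev["eventName"], "reason": reason})
    return findings


if __name__ == "__main__":
    print(json.dumps(summarize_key_usage(SAMPLE_EVENTS), indent=2))
    for f in find_policy_violations(SAMPLE_EVENTS):
        print("FINDING:", json.dumps(f))
```

In practice the records would come from a CloudTrail log file in S3 or from CloudWatch Logs, and the allowlist would be derived from the key policies and IAM grants the organization intends to have in place; the point of the comparison is to catch drift between the intended key-access model and what the audit trail shows actually happened, including denied attempts, which are often the first sign of a misconfigured or probing principal.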