Deciding which cloud crypto vendor is best for you? Choosing between Amazon Web Services or Microsoft Azure is heavily debated by users. The transition toward uploading data on the public cloud is becoming the standard for organizations. The two main factors for protecting data are to protect the data from unauthorized access and to meet compliance regulations. Cloud Security must be the main priority of everyone in the organization. The use of encryption depends on the protection of the keys. Key protection and management are offered by Amazon Web Services Key Management Services (AWS KMS) and Microsoft Azure Key Vault. In today’s blog, Encryption Consulting will summarize Amazon Web Services (AWS) Key Management System (KMS) and Microsoft Azure Key Vault.
Amazon Web Services Key Management Services (AWS KMS):
AWS KMS is a managed service that is used to create and manage encryption keys. The two types of encryption keys in AWS KMS are Customer Master Keys (CMKs) and Data keys. CMKs can be used to encrypt and decrypt up to 4-kilobytes of data. Data Keys are generated, encrypted and decrypted by CMKs. The CMKs can never leave the AWS KMS. The CMKs could be customer managed or AWS managed. Data keys are used to encrypt data. AWS KMS does not store, manage or track data keys. AWS KMS cannot use data key to encrypt data for you. You have to use and manage data keys. AWS KMS uses FIPS 140-2 validated hardware security modules (HSM) and supported FIPS 140-2 validated endpoints ensuring confidentiality and integrity of your keys.
Azure Key Vault:
Microsoft Azure Key Vault is used to store secrets like tokens, passwords, certificates, and API keys. Azure Key Vault can also be used as a key management solution. Key Vault can encrypt keys and secrets in hardware security modules (HSMS). Key Vault supports RSA and Elliptic Curve keys only. Microsoft will not see your keys, but processes the keys in FIPS 140-2 Level 2 validated HSMs.