    The Debate for Key Management Service by AWS VS Azure

    Amazon Web Services
    19 Oct 2018

    AWS VS Azure KMS

    Deciding which cloud crypto vendor is best for you? The choice between Amazon Web Services and Microsoft Azure is heavily debated by users. Moving data to the public cloud is becoming the standard for organizations. The two main reasons for protecting that data are to prevent unauthorized access and to meet compliance regulations. Cloud security must be the main priority of everyone in the organization. The value of encryption depends on how well the keys are protected. Key protection and management are offered by Amazon Web Services Key Management Service (AWS KMS) and Microsoft Azure Key Vault. In today’s blog, Encryption Consulting summarizes AWS KMS and Microsoft Azure Key Vault.

    Amazon Web Services Key Management Service (AWS KMS):

    AWS KMS is a managed service used to create and manage encryption keys. It has two types of encryption keys: Customer Master Keys (CMKs) and data keys. A CMK can encrypt and decrypt up to 4 kilobytes of data directly. Data keys are generated, encrypted and decrypted by CMKs, and are the keys used to encrypt data. CMKs never leave AWS KMS, and can be customer managed or AWS managed. AWS KMS does not store, manage or track data keys, and it cannot use a data key to encrypt data for you: you have to use and manage data keys yourself. AWS KMS uses FIPS 140-2 validated hardware security modules (HSMs) and supports FIPS 140-2 validated endpoints, ensuring the confidentiality and integrity of your keys.
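
    The CMK and data key flow described above, as an added Node.js example that is not part of the original article or of any AWS SDK. `FakeKms` is a constructed in-memory stand-in for AWS KMS, and `seal`, `open`, `encryptRecord` and `decryptRecord` are hypothetical helper names; the `Plaintext` and `CiphertextBlob` field names mirror the real GenerateDataKey response.

```javascript
const crypto = require("crypto");

// AES-256-GCM helpers. Output layout: nonce (12) || ciphertext || tag (16).
function seal(key, data) {
  const nonce = crypto.randomBytes(12);
  const c = crypto.createCipheriv("aes-256-gcm", key, nonce);
  return Buffer.concat([nonce, c.update(data), c.final(), c.getAuthTag()]);
}

function open(key, box) {
  if (box.length < 28) throw new Error("ciphertext too short");
  const d = crypto.createDecipheriv("aes-256-gcm", key, box.subarray(0, 12));
  d.setAuthTag(box.subarray(box.length - 16));
  return Buffer.concat([d.update(box.subarray(12, box.length - 16)), d.final()]);
}

// Assumption: FakeKms is a constructed in-memory stand-in, not the AWS SDK.
class FakeKms {
  #cmk = crypto.randomBytes(32); // plays the CMK: private, no method returns it
  // Direct encryption under the CMK is capped at 4 KB, as the article states.
  encrypt(plaintext) {
    if (plaintext.length > 4096) throw new RangeError("over the 4 KB CMK limit");
    return seal(this.#cmk, plaintext);
  }

  decrypt(ciphertextBlob) { return open(this.#cmk, ciphertextBlob); }

  // Fresh data key in plaintext and CMK-encrypted; nothing is stored here.
  generateDataKey() {
    const Plaintext = crypto.randomBytes(32);
    return { Plaintext, CiphertextBlob: this.encrypt(Plaintext) };
  }
}

// Envelope encryption: data of any size is encrypted locally with the data key.
function encryptRecord(kms, data) {
  const { Plaintext, CiphertextBlob } = kms.generateDataKey();
  const ciphertext = seal(Plaintext, data);
  Plaintext.fill(0); // wipe the plaintext data key once it has been used
  return { CiphertextBlob, ciphertext }; // store the wrapped key with the data
}

function decryptRecord(kms, record) {
  const dataKey = kms.decrypt(record.CiphertextBlob);
  try {
    return open(dataKey, record.ciphertext);
  } finally {
    dataKey.fill(0);
  }
}
```

    With the real service, `generateDataKey` and `decrypt` are calls to KMS, so only the 32-byte data key crosses that boundary and the data itself is encrypted where it lives.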

    Azure Key Vault:

    Microsoft Azure Key Vault is used to store secrets like tokens, passwords, certificates, and API keys. Azure Key Vault can also be used as a key management solution. Key Vault can encrypt keys and secrets in hardware security modules (HSMs). Key Vault supports RSA and Elliptic Curve keys only. Microsoft does not see your keys, but processes them in FIPS 140-2 Level 2 validated HSMs.

    Control                       | AWS KMS                              | Azure Key Vault
    ------------------------------|--------------------------------------|---------------------------------------------
    Symmetric Key                 | AES-GCM-256                          | X
    Asymmetric Key                | X                                    | RSA-OAEP and RSA-PKCS#1v1.5
    Bring your own key (BYOK)     | CMK wrapped with RSA 2048            | PKCS#12 or nCipher HSM
    Unwrap Key                    | RSA-OAEP and RSA-PKCS#1v1.5          | RSA-OAEP and RSA-PKCS#1v1.5
    Sign                          | X                                    | RSA-PSS and RSA-PKCS#1v1.5
    Key Length - Symmetric Key    | AES 256                              | X
    Key Length - Asymmetric Key   | X                                    | RSA 2048 – 4096
    Key operations per second     | 1000 – 5500 depending on the region  | 1000 for HSM, 2000 for software-based crypto


    At Encryption Consulting, we are here to take care of all your encryption needs with respect to cloud key management.

    Contact us at info@encryptionconsulting.com
