AWS CloudHSM
Updated Sep. 14 2021

Venafi orchestrates connections to machines needing certificates while protecting cryptographic keys with AWS Cloud hardware security modules (HSMs). With the added deployment speed and efficiency of an on-demand service, AWS CloudHSM provides a cloud-based HSM service with zero upfront capital investment.
Business Outcomes
  • Protect identities of devices and applications securing critical data

  • Enable trust in machines that are supporting critical business

  • Apply consistent security policies to put you in complete control

Integration Features
  • Automated lifecycle of keys and certificates

  • FIPS 140-2 Level 3 and Common Criteria EAL 4+ root of trust

Solution Overview

To help reduce the risk of a data breach, meet compliance requirements, and simplify machine identity management, Venafi and AWS have combined the benefits of automated key and certificate lifecycle management from the Venafi Platform with AWS cloud-based hardware security module (HSM) key protection. AWS CloudHSM enables you to easily generate and use your own encryption keys on the AWS Cloud. With CloudHSM, you can manage your own encryption keys using FIPS 140-2 Level 3 validated HSMs. CloudHSM offers you the flexibility to integrate with your applications using industry-standard APIs, such as PKCS#11, Java Cryptography Extensions (JCE), and Microsoft CryptoNG (CNG) libraries.

CloudHSM is standards-compliant and enables you to export all of your keys to most other commercially available HSMs, subject to your configurations. It is a fully managed service that automates time-consuming administrative tasks for you, such as hardware provisioning, software patching, high availability, and backups. CloudHSM also enables you to scale quickly by adding and removing HSM capacity on demand, with no upfront costs.