Virtualization Technology News and Information
How to Deliver a Secure and Reliable Service for Your Customers


Article Written by JT Giri

Amazon Web Services (AWS) is the global leader for cloud services and web hosting. They provide services from small startups all the way to international enterprises, and they are trusted by some of the largest and most popular companies in the world. Companies like Netflix and Airbnb even utilize AWS for hosting services.

While Amazon does an excellent job with infrastructure as well as maintaining the security of the Cloud itself, it is up to your organization to secure your Cloud applications and environment. This could seem like a huge task for cloud security companies, but, fortunately, there are many ways to keep the Cloud secure and reliable for your customers.

One of the easiest ways to keep your organization's sensitive and confidential data secure is through Key Management Services (KMS). KMS are managed services that allow you to easily create and control the keys that are used to encrypt and decrypt your data. If you are a company that must follow certain protocols, such as HIPAA, the importance of this ability exponentially increases.

Combined with other AWS services, KMS can help you protect all of the data you store while injecting secure credentials into automated instances. While this is advantageous, there are many other benefits of KMS for your organization. 

Fully Managed

A huge benefit that many organizations report about using KMS is that it is fully managed. As your usage of KMS encryption keys increases, it automatically scales to meet those needs. If you choose to have master keys created by AWS KMS, they cannot be exported from the service, but multiple copies of the encrypted versions are stored in highly durable systems to ensure they will be available when you need them. If you choose to import the master keys yourself, you must maintain a secure copy of them so you can reimport them if you would ever choose to do so.

Centralized Key Management

Another benefit of AWS KMS is that it provides you with centralized control of all of your encryption keys. Not only can you have a complete view of your entire organization in one convenient location, but you can also easily create, import, and rotate keys. The master keys are stored in a highly durable storage, and you can choose to automatically rotate them (once per year) without having to re-encrypt the data. You also have the control to create new master keys and limit who has access to them.

Integrated with Other AWS Services

AWS Key Management Service can be seamlessly integrated with other AWS services, which makes it easier to encrypt data. Hardware Security Modules (HSMs), for instance, protect the security of your keys while AWS CloudTrail provides you with logs of all key usage to assist with your compliance needs. By utilizing these other services, you can use a default master key that is created specifically for you and can only be used within the integrated service. This provides added security for your services.

Complete Encryption

KMS makes it extremely simple to manage encryption keys that your applications store, no matter what process they use to do so. KMS even provides a software development kit to make the integration of encryption and key management into all of your applications easier.


With more and more sensitive data being stored on the Cloud, the need for a secure service has never been more important. KMS provides a secure location to store and implement encryption keys. It also uses a hardened system where the unencrypted keys can be used only in memory. The entire system is designed so no one has access to your master keys, and all access to update the software is controlled, audited, and reviewed by an independent group within Amazon.


Ensuring Cloud compliance is another vital piece of services, and the security and quality controls in KMS have been validated and certified by multiple compliance reviewers. What this means for your organization is that you can rest assured that KMS will follow all compliance protocol, including HIPAA.

Amazon does a great job maintaining the security of the Cloud, however, it is the responsibility of your organization to ensure the security of the data that you put in the Cloud. By using an AWS service such as KMS, you are ensuring that your sensitive and confidential data is being properly stored and encrypted.


About the Author

JT is the creator of nOps - AWS cloud security tool. He spent last 10 years helping companies migrate to cloud and build automated infrastructures. nOps is a next generation security and collaboration solution for the cloud. nOps applies change management practices to deliver integrated security and reduce cloud waste.
Published Monday, June 12, 2017 8:02 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<June 2017>