Tag: AWS CloudHSM
Most SaaS solutions which undergo an AWS Foundational Technical Review (FTR) ingest, manage, and store sensitive data. The FTR is a review based on the AWS Well-Architected Framework and enables AWS Partners to identify and remediate risks in their solutions. Learn how to manage and secure sensitive data within their SaaS solutions with a focus on addressing requirements related to PII or PHI requirements in the Foundational Technical Review.
AWS CloudHSM enables you to generate and use your own encryption keys on AWS. The standard service for managing keys for signing would usually be AWS KMS, but due to legacy requirements from the customer side the team at BJSS needed to support both SHA256 and SHA1. Learn how BJSS successfully signed some data with a key from AWS CloudHSM using Python, and walk through the setup of an AWS CloudHSM cluster for testing using a sample application.
A large public sector organization in India was looking for a solution that would address key challenges in their existing ERP and build systems. Tech Mahindra chose SAP as its core solution to address the customer’s key requirements, and this solution enables the customer to adopt new business models, manage business change at speed, orchestrate internal and external resources, and use the predictive power of AI. In this post, learn how different AWS components can help you host SAP applications on AWS.
Baffle Data Protection Services (DPS) provides a data-centric protection layer allowing customers to tokenize, encrypt, and mask data in Amazon RDS at the column or row level, without any application code modifications while supporting a BYOK or HYOK model. Review the architecture for Baffle DPS, and walk through how to launch and test Baffle DPS from an AWS CloudFormation template with Amazon RDS databases to encrypt data at the column level.
AWS CloudHSM is a cloud-based hardware security module (HSM) that enables you to easily generate, store, import, export, and manage your cryptographic keys. This post walks through using AWS services to create a pipeline that sends HSM audit logs into Splunk. You’ll also learn how to interpret the audit events and gain specific data insights that enable you to flag critical events taking place on the CloudHSM appliance.
Data security is a concern for all enterprises and HashiCorp’s Vault Enterprise helps you achieve strong data security and scalability. Vault is a trusted secrets management tool designed to enable collaboration and governance across organizations. It enables developers, operators, and security professionals to deploy applications in zero-trust environments across public and private datacenters. Through a unified API and AWS integration, Vault can be integrated into your development at any stage.
Follow an AWS expert’s research on various encryption options such as Oracle Transparent Data Encryption (TDE) and Oracle Native Network Encryption (NNE), as well as SSL options on Amazon RDS. This post explains how Amazon RDS supports Oracle TDE, Oracle NNE, and SSL. If you’re an architect or a developer, this will help you plan and configure storage and network encryption on Amazon RDS. You should be aware of the need to encrypt data at rest and how Oracle TDE, Oracle NNE, and SSL can help you achieve your encryption goals.