AWS Partner Network (APN) Blog
Tag: AWS CloudHSM
Mitigating Sensitive Data-Related Risks via Foundational Technical Review (FTR) for SaaS Solutions
Most SaaS solutions that undergo an AWS Foundational Technical Review (FTR) ingest, manage, and store sensitive data. The FTR is a review based on the AWS Well-Architected Framework and enables AWS Partners to identify and remediate risks in their solutions. Learn how to manage and secure sensitive data within SaaS solutions, with a focus on addressing the FTR requirements related to PII or PHI.
Signing Data Using Keys Stored in AWS CloudHSM with Python
AWS CloudHSM enables you to generate and use your own encryption keys on AWS. The standard service for managing signing keys would usually be AWS KMS, but due to legacy requirements from the customer side, the team at BJSS needed to support both SHA256 and SHA1. Learn how BJSS successfully signed data with a key from AWS CloudHSM using Python, and walk through the setup of an AWS CloudHSM cluster for testing using a sample application.
How Tech Mahindra Implemented an Intelligent Enterprise Solution Based on S/4 HANA on AWS
A large public sector organization in India was looking for a solution that would address key challenges in their existing ERP and build systems. Tech Mahindra chose SAP as its core solution to address the customer’s key requirements, and this solution enables the customer to adopt new business models, manage business change at speed, orchestrate internal and external resources, and use the predictive power of AI. In this post, learn how different AWS components can help you host SAP applications on AWS.
How to Tokenize and De-Identify Your Data in Amazon RDS with Baffle
Baffle Data Protection Services (DPS) provides a data-centric protection layer allowing customers to tokenize, encrypt, and mask data in Amazon RDS at the column or row level, without any application code modifications while supporting a BYOK or HYOK model. Review the architecture for Baffle DPS, and walk through how to launch and test Baffle DPS from an AWS CloudFormation template with Amazon RDS databases to encrypt data at the column level.
How to Send CloudHSM Audit Logs to Splunk and Monitor Critical Events on the HSM
AWS CloudHSM is a cloud-based hardware security module (HSM) that enables you to easily generate, store, import, export, and manage your cryptographic keys. This post walks through using AWS services to create a pipeline that sends HSM audit logs into Splunk. You’ll also learn how to interpret the audit events and gain specific data insights that enable you to flag critical events taking place on the CloudHSM appliance.
Securing and Managing Secrets with HashiCorp Vault Enterprise
Data security is a concern for all enterprises and HashiCorp’s Vault Enterprise helps you achieve strong data security and scalability. Vault is a trusted secrets management tool designed to enable collaboration and governance across organizations. It enables developers, operators, and security professionals to deploy applications in zero-trust environments across public and private datacenters. Through a unified API and AWS integration, Vault can be integrated into your development at any stage.
Oracle Database Encryption Options on Amazon RDS
Follow an AWS expert’s research on various encryption options such as Oracle Transparent Data Encryption (TDE) and Oracle Native Network Encryption (NNE), as well as SSL options on Amazon RDS. This post explains how Amazon RDS supports Oracle TDE, Oracle NNE, and SSL. If you’re an architect or a developer, this will help you plan and configure storage and network encryption on Amazon RDS. You should be aware of the need to encrypt data at rest and how Oracle TDE, Oracle NNE, and SSL can help you achieve your encryption goals.