Cloud Cryptography Comparison

What are the main differences between AWS KMS, Google Cloud Platform KMS and Microsoft Azure Key Vault?

This infographic is correct according to publicly available information at the time of publishing, but is subject to change: the top CSPs are in fierce competition to attract large enterprise users likely to need these facilities, and hence are releasing new features all the time. More detailed information about the diverse cloud KMS and cloud HSMs offered by the big three providers can be found in our Cloud Cryptography Whitepaper.

Cloud cryptography comparison - AWS KMS, Google Cloud Platform KMS, Microsoft Azure Key Vault

Read our Cloud Cryptography White Paper

In this white paper, we explain in detail how the big three cloud service providers (Amazon Web Services, Google Cloud Platform, and Microsoft Azure) differ in their provision of cloud cryptography.


Migrate keys to Cloud KMS without rewriting any code

Cryptosense Analyzer finds the keys used by your application, gives you full details on operations used, then allows you to seamlessly migrate your chosen keys to cloud cryptography services such as Google Cloud KMS, Microsoft Azure KMS or AWS KMS.

Key Migration to GCP KMS

You can easily migrate cryptographic keys to the cloud without rewriting any code. In this example we show how we can move an enterprise Tomcat Java application to Amazon’s AWS KMS – modernizing the cryptography used by the application, without having to rewrite any code.

Firstly, we will discover all the cryptographic keys used by the application. To do this we attach an agent to the running application and record all the calls to the cryptographic libraries.

We then look at the complete cryptography inventory and find the TLS private key that we want to migrate to the AWS KMS.

Next, we edit the config file in our Tomcat application, and ask it to use a run-time agent provided by CAP to access the private TLS key from the AWS secret store.