What are the main differences between AWS KMS, Google Cloud Platform KMS and Microsoft Azure Key Vault?
If you're planning on putting sensitive data in the cloud, you'll likely want to use your cloud service provider's (CSP's) key management service, such as AWS KMS, Google Cloud Platform KMS, or Microsoft Azure Key Vault. However, the three services differ considerably in their cryptographic design (which key types and operations they expose, and where the cryptography actually happens), and these differences have real consequences for applications, particularly in a multi-cloud context. Our infographic below gives a snapshot of the main features of each one.
More detailed information about the diverse cloud KMS and cloud HSMs offered by the big three providers can be found in our Cloud Cryptography Whitepaper, or you can watch our recent webinar on the subject.
This infographic is correct according to publicly available information at the time of publishing, but is subject to change: the top CSPs are in fierce competition to attract large enterprise users likely to need these facilities, and hence are releasing new features all the time.
AWS and Azure currently hold the biggest market share for cloud services. In this video Graham explains the main differences between their KMS services.
For more detail on this subject, watch our recent cloud KMS webinar.
The comparison image above doesn't tell the whole story. Google Cloud Platform (GCP) KMS has some interesting features that set it apart from the KMS offerings of the other two main cloud providers. In this video Graham explains more about how GCP KMS works and why it's different.
All the major cloud service providers (CSPs) now offer cryptography services. This whitepaper will explain why many businesses are adopting cloud crypto services as they migrate their applications to the public cloud. We will look at what these services do, how to choose a cloud crypto service, and how to migrate an application securely.
We will focus on cryptographic services available from the three largest CSPs (Amazon Web Services, Google Cloud Platform, Microsoft Azure) including their cloud key management services (KMS) and their cloud hardware security modules (HSMs). Lock-in to a single provider is considered unwise by many organizations, so we will also look at the portability of applications designed to use these services.
Finally, we will describe how to understand the cryptographic needs of an application, and how to carry out the migration. We will consider how to monitor the security of a sensitive application that is using cloud cryptography services.
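The portability concern raised above is easiest to see in code. The following is an added example (it is not from this page, the whitepaper, or any provider's SDK): the application performs envelope encryption and depends on a cloud KMS only through a minimal wrap/unwrap interface for per-object data keys, so moving between providers, or rotating to a new master key, means re-wrapping the data key and swapping the adapter, not re-encrypting the data. The `KeyWrapper` interface, `LocalStandInKms`, `Envelope` and the HMAC-based stand-in cipher are assumptions of this example chosen so it runs offline with the standard library; they are not how any real KMS works internally, and in production the adapter would call the provider's own key-wrapping or data-key operations and the data would be protected with a real AEAD such as AES-GCM.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, Protocol

# Stand-in authenticated cipher: HMAC-SHA256 keystream plus HMAC tag (encrypt-then-MAC).
# Used only so the example runs with the standard library; assumption of this example.
NONCE_LEN, TAG_LEN = 16, 32


def _subkeys(key: bytes):
    # Separate encryption and MAC keys derived from one 32-byte key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes, aad: bytes) -> bytes:
    """Return nonce || ciphertext || tag; aad is authenticated but not encrypted."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(key: bytes, blob: bytes, aad: bytes) -> bytes:
    """Verify the tag in constant time before decrypting; reject any modification."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("blob too short")
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: ciphertext or AAD was modified")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


class KeyWrapper(Protocol):
    """The only KMS surface the application depends on (assumed interface).
    A per-provider adapter implements it; the application never sees master keys."""
    def wrap(self, key_id: str, dek: bytes) -> bytes: ...
    def unwrap(self, key_id: str, wrapped: bytes) -> bytes: ...


class LocalStandInKms:
    """In-memory stand-in for a cloud KMS (hypothetical): master keys never leave it."""
    def __init__(self) -> None:
        self._master: Dict[str, bytes] = {}

    def create_key(self, key_id: str) -> None:
        self._master[key_id] = os.urandom(32)

    def wrap(self, key_id: str, dek: bytes) -> bytes:
        # Binding the key id as AAD stops a wrapped DEK being replayed under another key.
        return seal(self._master[key_id], dek, key_id.encode())

    def unwrap(self, key_id: str, wrapped: bytes) -> bytes:
        return open_sealed(self._master[key_id], wrapped, key_id.encode())


@dataclass
class Envelope:
    key_id: str          # which master key wraps the DEK
    wrapped_dek: bytes   # DEK wrapped by the KMS
    ciphertext: bytes    # data encrypted locally under the DEK


def encrypt_object(kms: KeyWrapper, key_id: str, plaintext: bytes, aad: bytes = b"") -> Envelope:
    dek = os.urandom(32)  # fresh data key per object; only its wrapped form is stored
    return Envelope(key_id, kms.wrap(key_id, dek), seal(dek, plaintext, aad))


def decrypt_object(kms: KeyWrapper, env: Envelope, aad: bytes = b"") -> bytes:
    dek = kms.unwrap(env.key_id, env.wrapped_dek)
    return open_sealed(dek, env.ciphertext, aad)


def rewrap(source: KeyWrapper, target: KeyWrapper, env: Envelope, new_key_id: str) -> Envelope:
    """Move an object to another KMS or master key: only the DEK is re-wrapped,
    the bulk ciphertext is untouched, so migration cost is per key, not per byte."""
    dek = source.unwrap(env.key_id, env.wrapped_dek)
    return Envelope(new_key_id, target.wrap(new_key_id, dek), env.ciphertext)
```

The design choice to note is that everything provider-specific sits behind `KeyWrapper`; the wrap/unwrap calls are also the only ones that have to be logged and rate-limited centrally, which is where monitoring of a migrated application naturally attaches.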