All the major cloud service providers (CSPs) now offer cryptography services. This whitepaper will explain why many businesses are adopting cloud crypto services as they migrate their applications to the public cloud. We will look at what these services do, how to choose a cloud crypto service, and how to migrate an application securely.
We will focus on cryptographic services available from the three largest CSPs (Amazon Web Services, Google Cloud Platform, Microsoft Azure) including their cloud key management services (KMS) and their cloud hardware security modules (HSMs). Lock-in to a single provider is considered unwise by many organizations, so we will also look at the portability of applications designed to use these services.
Finally, we will describe how to understand the cryptographic needs of an application, and how to carry out the migration. We will consider how to monitor the security of a sensitive application that is using cloud cryptography services.