Users would be able to purchase the use of dedicated security modules and to generate and store encryption keys. These keys, which will be available only to the users who generated them, can then be used to encrypt and decrypt data on AWS instances for enhanced protection.
CloudHSM is meant for users who require heightened security on top of what Amazon provides by default. Amazon revealed that even though it works to secure each AWS instance on its cloud platform, some users require enhanced security to comply with certain regulations; this is what CloudHSM will help them achieve.
Until now, users who wanted HSM-based encryption were required to deploy local HSMs. This meant that some of the most sensitive data always resided on-premises and a complete migration to the cloud wasn’t possible. With CloudHSM, organizations will be able to attain the same level of security as with on-premises HSMs, with the added benefit of keeping data and processing in the cloud.