Though the CIA has deemed Amazon Inc.’s cloud safe enough to run sensitive governmental workloads, some companies still struggle to meet their compliance requirements using the built-in security functionality. To amend the situation, the vendor is rolling out a new encryption feature that makes it possible to harness external cryptographic hardware.

More specifically, the addition enables companies to make use of so-called Hardware Security Modules (HSMs), specialized devices that are designed for the sole purpose of safekeeping encryption keys. They usually come in a temper-proof chassis without any ports and pack extensive alerting functionality capable of detecting even the smallest sign of foul play. Moreover, the on-board software can be configured to periodically refresh keys so that hackers only have a limited time window to cause havoc in the unlikely event they find a vulnerability.

Such equipment is used mainly in the public sector and highly regulated industries like banking where encryption keys are legally required to be kept behind the firewall. Adding support for HSMs should help Amazon court organizations in these segments more effectively amid the growing competition from Microsoft Corp, which has allowed cloud users to use their own cryptographic gear since last year. The software giant is enhancing security throughout its entire infrastructure- and software-as-service lineup in a bid to stand out from rivals.

Redmond most recently unveiled a cloud-supported security engine for Windows that uses machine learning technology to find malicious behavior. Its algorithms then diagnose the threat and inform IT staff whether it’s merely an isolated breach or part of a broader issue. As the stakes continue to rise in the public cloud, Amazon and Microsoft can be expected to add yet more security functionality for their respective platforms.

Image via Pixelcreatures