Let's compare Cloud HSM with Cloud EKM, look at the differences between them, and see which one Spacewell recommends.

Key benefits of using Cloud HSM keys:

Enhanced security:
Cloud HSM keys are stored and processed within a secure hardware environment isolated from the Google Cloud infrastructure. This makes it extremely difficult for unauthorized individuals to access or tamper with the keys.

Compliance with strict data security regulations: Cloud HSM keys can help organizations meet compliance requirements for data security, such as HIPAA and PCI DSS.

Protection for highly sensitive data:
Cloud HSM keys are ideal for storing and protecting sensitive data, such as financial data, healthcare data, and intellectual property.

Ease of use:
Cloud HSM keys can be integrated with various Google Cloud services, making them easy to use and manage.

Overall, Cloud HSM keys offer a powerful and secure solution for protecting sensitive data in the Google Cloud environment. If you are concerned about the security of your data, Spacewell recommends using Cloud HSM keys.

Key benefits of using Cloud EKM keys:

Key provenance:
You control the location and distribution of your externally managed keys. Externally managed keys are never cached or stored within Google Cloud. Instead, Cloud EKM communicates directly with the external key management partner for each request.

Access control:
You manage access to your externally managed keys. Before you can use an externally managed key in Google Cloud, you must grant the Google Cloud project access to use the key. You can revoke this access at any time.

Centralized key management:
You can manage your keys and access policies from a single user interface, whether the data they protect resides in the cloud or on your premises.

However, there are also some drawbacks to using EKM:

Dependency on a third party:
Organizations that use an EHSM depend on a third party for the security of their keys. This can be a concern for organizations with data sovereignty requirements.

Potential for downtime:
An EHSM can be a single point of failure for an organization's encryption infrastructure: if the EHSM is down, the organization can neither encrypt nor decrypt the data protected by its keys.

In all cases, the key resides on the external system and is never sent to Google.
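One way to check which of the two models a project's keys actually use is to audit the key inventory that `gcloud kms keys list --format=json` returns. The following script is an added example, not part of this page or of Spacewell's tooling: it flags keys whose protection level is neither HSM nor external, and flags EXTERNAL keys that have no enabled primary version pointing at an external key URI (which is the state in which the key cannot be used). The key names, project and URI in the sample are constructed.

```python
import json

# Constructed sample in the shape of `gcloud kms keys list --format=json`,
# trimmed to the fields this check reads. Not real project data.
SAMPLE_KEYS_JSON = """
[
  {"name": "projects/p/locations/europe-west1/keyRings/kr/cryptoKeys/hsm-key",
   "purpose": "ENCRYPT_DECRYPT",
   "versionTemplate": {"protectionLevel": "HSM", "algorithm": "GOOGLE_SYMMETRIC_ENCRYPTION"}},
  {"name": "projects/p/locations/europe-west1/keyRings/kr/cryptoKeys/ekm-key",
   "purpose": "ENCRYPT_DECRYPT",
   "versionTemplate": {"protectionLevel": "EXTERNAL", "algorithm": "EXTERNAL_SYMMETRIC_ENCRYPTION"},
   "primary": {"state": "ENABLED",
               "externalProtectionLevelOptions": {"externalKeyUri": "https://ekm.example.com/keys/1"}}},
  {"name": "projects/p/locations/europe-west1/keyRings/kr/cryptoKeys/ekm-key-no-version",
   "purpose": "ENCRYPT_DECRYPT",
   "versionTemplate": {"protectionLevel": "EXTERNAL", "algorithm": "EXTERNAL_SYMMETRIC_ENCRYPTION"}},
  {"name": "projects/p/locations/europe-west1/keyRings/kr/cryptoKeys/soft-key",
   "purpose": "ENCRYPT_DECRYPT",
   "versionTemplate": {"protectionLevel": "SOFTWARE", "algorithm": "GOOGLE_SYMMETRIC_ENCRYPTION"}}
]
"""

# Protection levels that match the page's recommendation (HSM) or the EKM model.
ACCEPTED_LEVELS = {"HSM", "EXTERNAL", "EXTERNAL_VPC"}


def audit_keys(keys):
    """Return {short_key_name: finding} for keys needing attention; empty dict means all pass."""
    findings = {}
    for key in keys:
        name = key["name"].rsplit("/", 1)[-1]
        level = key.get("versionTemplate", {}).get("protectionLevel", "SOFTWARE")
        if level not in ACCEPTED_LEVELS:
            findings[name] = f"protection level {level}: not HSM-backed or externally managed"
            continue
        if level.startswith("EXTERNAL"):
            # An EKM key is only usable through an enabled version that references the
            # external key (URI for EXTERNAL, EKM connection key path for EXTERNAL_VPC).
            primary = key.get("primary") or {}
            opts = primary.get("externalProtectionLevelOptions", {})
            ref = opts.get("externalKeyUri") or opts.get("ekmConnectionKeyPath")
            if not ref:
                findings[name] = "EXTERNAL key with no primary version referencing an external key"
            elif primary.get("state") != "ENABLED":
                findings[name] = f"EXTERNAL key primary version is {primary.get('state')}"
    return findings


def audit_json(text):
    """Parse the JSON output of `gcloud kms keys list --format=json` and audit it."""
    return audit_keys(json.loads(text))


if __name__ == "__main__":
    for key_name, finding in audit_json(SAMPLE_KEYS_JSON).items():
        print(f"{key_name}: {finding}")
```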