We are excited to announce that Amazon Web Services (AWS) Internet of Things (IoT) Greengrass users can now use the YubiHSM 2, Yubico’s ultra-portable hardware security module, for secure key storage. AWS IoT Greengrass software provides local compute, messaging, and data caching for IoT devices, enabling users to run IoT applications across the AWS cloud and local devices.
IoT is on the rise
The Internet of Things (2018) research report from Business Insider Intelligence predicts that there will be more than 55 billion IoT devices by 2025, up from about 9 billion in 2017. While it brings many advantages like increased efficiency and productivity, this rapid growth in adoption provides a new playground for malicious actors, creating real challenges for security and privacy.
Connecting everything to the cloud creates the potential for a single point of failure, which is why protecting access to servers is of paramount importance. A prime threat to access is storing root keys for servers in software. Root keys stored in software can be stolen, accidentally distributed, or misused, and can potentially lead to catastrophic security breaches.
AWS IoT Greengrass supports a hardware root of trust
AWS IoT Greengrass enables customers to leverage a hardware root of trust, such as the YubiHSM 2, for private key storage, and end-to-end encryption for messages sent between AWS IoT Greengrass Core and the AWS cloud, as well as between the AWS IoT Greengrass Core and compatible local devices. This provides AWS IoT Greengrass customers with the option to configure their AWS IoT Greengrass Core to use the private keys generated and stored on the YubiHSM 2.
“Security and compliance are primary considerations for customers as they begin their respective cloud journeys. Organizations need true cloud visibility, which is the foundation of security and controls. The integration of YubiHSM 2 with AWS IoT Greengrass is a great example of a way for customers to have greater visibility into local compute, messaging, and data caching for the Internet of Things (IoT),” said Troy Bertram, General Manager, Worldwide Public Sector Business Development, AWS. “The integration of YubiHSM 2 with AWS IoT Greengrass provides AWS customers with another avenue to maintain the strong hardware-backed security for cryptographic digital key generation, storage, and management.”
The YubiHSM 2 helps protect your keys
Since our initial launch of the YubiHSM 2 last year, many of our customers have approached us looking for a way to protect keys on servers. Complaints of traditional rack-mounted and card-based HSMs offering limited applicability at a significantly higher cost have led customers to our innovative alternative hardware security module. The YubiHSM 2 provides strong hardware-backed security for cryptographic digital key generation, storage, and management. The nano-sized YubiHSM 2 fits inside a server’s USB port and does not require additional hardware, significantly bringing down costs and simplifying the deployment process.
We’re excited for the collaboration with AWS IoT Greengrass. This announcement follows our recent release of our open source software development kit (SDK) for the YubiHSM 2. Now, more developers can rapidly integrate the YubiHSM 2’s capabilities into apps across a wider array of architectures and platforms. The YubiHSM 2 SDK enables developers to build products that communicate seamlessly with the YubiHSM 2 through the industry standard PKCS#11, and extend a range of high security functions and use cases for the greater protection of cryptographic keys.
The open source YubiHSM 2 SDK highlights Yubico’s commitment to transparency and trust. We continue to encourage the developer and security communities to join us in our mission to make strong hardware-backed security more accessible to organizations of all sizes.