This topic introduces the benefits of Alibaba Cloud Data Encryption Service.
Secure key storage
With Data Encryption Service, you directly use hardware security modules to protect cryptographic keys. The hardware and firmware of the cryptographic modules are FIPS 140-2 Level 3 certified.
Secure key management
You fully control the management of the keys that you create in the HSMs. Data Encryption Service only manages the HSM hardware to ensure the availability of your HSM instances in the cloud infrastructure, and does not manage your keys.
The HSM instance provided by Data Encryption Service is deployed in your virtual private cloud (VPC). This instance is managed and invoked by using the private IP address that you specify. Data Encryption Service helps you ensure hassle-free deployment of your business on the cloud.
You can dynamically adjust the number of HSM instances based on the actual conditions, and implement load balancing to meet different encryption and decryption requirements.