Alibaba Cloud Data Encryption Service is applicable to all users on Alibaba Cloud. You can use a hardware security module (HSM) to offload SSL and TLS processing for web servers, protect the private key of a certificate authority (CA), perform Transparent Data Encryption (TDE) for Oracle databases, and encrypt sensitive data in your cloud applications.
SSL Offloading for HTTPS Websites
HTTPS websites use a public-private key pair and a public key certificate to establish an HTTPS session with each client. Performing SSL processing on the web server itself consumes a lot of web server resources, reduces the availability of the web server, and affects its efficiency. In addition, when the private key file of the SSL certificate is stored on disk, there is a risk that the private key file is leaked. You can generate private keys in the HSMs provided by Data Encryption Service and use the HSMs to complete SSL offloading.
Protect the Private Keys for an Issuing CA
In cryptography, a certificate authority or certification authority (CA) is an entity that issues digital certificates. A digital certificate certifies the ownership of a public key by the named subject of the certificate, and issuing it requires signing with the CA private key. You need to store the private key in an HSM and use the HSM to perform cryptographic signing operations.
Oracle TDE Integration
The Transparent Data Encryption (TDE) feature provides a method to protect sensitive data in database columns or in tablespaces stored in operating system files by encrypting it. To prevent unauthorized decryption, TDE stores encryption keys in a security module external to the database. TDE allows sensitive data to be encrypted within the data files to prevent access to it from the operating system.
Sensitive Data Encryption
For public services, e-commerce, financial services, and other business applications that process or store personal data such as PII or PHI, or that process or store organizational and business secrets, you can encrypt sensitive data by integrating the HSMs with your applications to meet security and compliance needs.