Blog | Townsend Security

AWS and Key Management and Pricing

Written by Patrick Townsend | Feb 4, 2020 4:42:06 PM

Ahhhh, Amazon Web Services (AWS) are so delightfully inexpensive, aren’t they? The AWS Key Management Service (KMS) is one of those really inexpensive services that many of us love to use. For many AWS customers AWS KMS isn’t even noticeable on your bill.

Or, is it?

Increased private data in the cloud requires more encryption keys. What happens when more and more projects are moved to the AWS cloud? Many organizations are assigning each database user their own key, which is a great strategy to deal with GDPR and CCPA. The number of keys starts to go up quickly, and your AWS KMS cost goes up with them. Here is something that happened to one of our customers who had a growing need for keys.

Here is something that happened to one of our customers who had a growing need for keys:

They decided to use a separate encryption key for each of their customers. The idea was to encrypt with an encryption key unique to each customer. When they needed to delete the customer data they only needed to delete the encryption key for that customer. With lots of customers they soon had thousands of encryption keys. And they were shocked when a really large Amazon bill came due for those keys. AWS charges $1.00 for each key and it adds up really fast. So some caution is in order.

Is there any way to avoid the high cost of AWS KMS for multiple keys?

Yes there is. Our Alliance Key Manager in AWS solution can be deployed right in the AWS cloud at a low monthly cost, with no charge per encryption key. Whether you need 10 encryption keys, or 100,000 encryption keys, the cost is the same. And we don’t count the number of endpoints, either. So, the cost remains the same even as you increase your data protection.

Besides a lower cost for key management, there are other benefits to deploying our key manager in AWS:

  • You have exclusive access to the key manager – unlike AWS KMS, it isn’t shared with Amazon (or us).
  • You can deploy redundant key managers (product and high availability) across different AWS geographic regions.
  • You can mirror your encryption keys from AWS to an on-premise key manager.
  • You can deploy replicating key managers across multiple clouds.
  • You have full support for encryption of databases like SQL Server, MySQL, MongoDB, and others.

When you need a lot of encryption keys in AWS, our Alliance Key Manager is a winner. We don’t charge per key, you have flexible options to deploy key management in the cloud and on premises, you will save a lot of money over AWS KMS, and you will have a dedicated Enterprise key management solution that you don’t share with anyone. You will be deploying a true cloud neutral key management solution.

Talk to us to find out more details about the benefits of deploying Alliance Key Manager for AWS for your organization.

Patrick