Audience: Cloud Architects, DevOps
Focus: HSM integration, secret management, Multi-Cloud
Integrating a PQ-enabled PKI with cloud HSMs and secret-management services.
| Feature | Azure Key Vault | AWS KMS | HashiCorp Vault |
|---|---|---|---|
| FIPS 140-2 HSM | Level 3 (Managed HSM) | Level 3 (CloudHSM) | Level 2 (Transit) |
| PQ support | Not yet | Not yet | Via plugin |
| Certificate management | Native | ACM | PKI Engine |
| Multi-Cloud | No | No | Yes |
| Cost | Medium | High (CloudHSM) | Open Source + Enterprise |
| Scenario | Cloud | HSM type |
|---|---|---|
| Azure Key Vault | Azure | Managed HSM |
| AWS KMS + CloudHSM | AWS | CloudHSM |
| HashiCorp Vault | Multi-Cloud | Transit SE |
Recommendation: on-premises Root CA + cloud Intermediate CA for cloud workloads
| Component | Location | Rationale |
|---|---|---|
| Root CA | On-premises (HSM) | Maximum security |
| Intermediate (Cloud) | Azure/AWS/Vault | Proximity to the workloads |
| End-Entity | Cloud | Auto-provisioning |
| Backup | Multi-Cloud | Disaster recovery |
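The split recommended above, as an added Go example that is not part of the original page: the root key (standing in for the on-premises HSM) signs exactly once, the cloud intermediate is constrained to end-entity certificates inside the cloud workload namespace, and relying parties verify against the root's public certificate alone. The Ed25519 stand-in keys, the `cloud.example.internal` domain and the CA names are constructed assumptions; the hierarchy itself is algorithm-agnostic.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)
const CloudDomain = "cloud.example.internal" // constructed namespace; the cloud intermediate may only issue names under it
// template builds a one-day certificate template; it is a CA exactly when usage includes certificate signing.
func template(cn string, usage x509.KeyUsage, dns ...string) *x509.Certificate {
	sn, _ := rand.Int(rand.Reader, big.NewInt(1<<62)) // random serial, sufficient for a demo
	return &x509.Certificate{SerialNumber: sn, Subject: pkix.Name{CommonName: cn}, DNSNames: dns, KeyUsage: usage,
		IsCA: usage&x509.KeyUsageCertSign != 0, BasicConstraintsValid: true, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour)}
}
// sign issues tmpl under parent with the parent's private key and returns the parsed certificate.
func sign(tmpl, parent *x509.Certificate, pub ed25519.PublicKey, key ed25519.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}
// BuildHierarchy mints the root (key stands in for the on-prem HSM) and a cloud intermediate (key stands in for the cloud HSM) limited to end-entity certs inside CloudDomain.
func BuildHierarchy() (root, inter *x509.Certificate, interKey ed25519.PrivateKey, err error) {
	rootPub, rootKey, _ := ed25519.GenerateKey(rand.Reader)
	interPub, interKey, _ := ed25519.GenerateKey(rand.Reader)
	rt := template("Example Root CA", x509.KeyUsageCertSign|x509.KeyUsageCRLSign)
	it := template("Example Cloud Intermediate CA", x509.KeyUsageCertSign|x509.KeyUsageCRLSign)
	it.MaxPathLen, it.MaxPathLenZero = 0, true // pathLen 0: no further CA may be chained below the cloud intermediate
	it.PermittedDNSDomains, it.PermittedDNSDomainsCritical = []string{CloudDomain}, true
	if root, err = sign(rt, rt, rootPub, rootKey); err == nil {
		inter, err = sign(it, root, interPub, rootKey) // the only signature the root key ever makes
	}
	return
}
// IssueLeaf is the auto-provisioning step: a workload certificate signed by the cloud intermediate.
func IssueLeaf(inter *x509.Certificate, interKey ed25519.PrivateKey, dnsName string) (*x509.Certificate, error) {
	pub, _, _ := ed25519.GenerateKey(rand.Reader) // the workload's own key pair
	return sign(template(dnsName, x509.KeyUsageDigitalSignature, dnsName), inter, pub, interKey)
}
// VerifyLeaf needs only the root's public certificate (no on-prem HSM access); a leaf outside CloudDomain fails even though the intermediate signed it.
func VerifyLeaf(leaf, inter, root *x509.Certificate, dnsName string) error {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	inters.AddCert(inter)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters, DNSName: dnsName})
	return err
}
```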
Wolfgang van der Stille @ EMSR DATA d.o.o. - Post-Quantum Cryptography Professional