I'm guessing Amazon is counting on people who have large AWS deployments and want a closer HSM. You are paying a lot to reduce latency.
Can you provide some evidence around these types of costs and benefits over a reasonably secure rack in a reasonably secure data center?
Who's going to go through the trouble of buying and deploying full DAR with an HSM of their own, and then put it in a common shared hosting environment instead of a dedicated, secure environment?
At any rate, how is this more secure? Amazon has physical access to S3 servers, and physical access to these new HSM things. So what exactly is the benefit? Is this just so companies can meet some security compliance regulations while keeping all their data on Amazon's hard drives?
Edit: And the final report:
Which says it took 7 months to do the reversing.
Of course the attack window is considerably reduced: if they want to perform this attack they have to do it when you initially set up the CloudHSM; they can't replace it later with a fake HSM. But still...
They're generally FIPS 140-2 level 3 (and a couple are 4), so protected against physical and logical attacks.
Generally they have modexp accelerators and have performance equivalent to a main CPU (they used to be way faster than CPUs...).
Mainly, they have tools for multi-party key management, crypto fill, reset, etc. Some of which can work remotely/over the network, which is the main weakness of the low end smartcard in this environment.