> High-performance HSMs capable of handling 10k+ transactions/second are well within the price range of a well-funded startup.
Microsoft knows this, and even offers HSMs as a cloud service.
HSMs simply don’t scale up to something the size of Azure AD. Even if you could use 10K+ of them in a global cluster, copying keys between HSMs inherently exposes the master keys anyway. And how do you secure access to the HSMs, with another secret shared on every validation server? Turtles all the way down.