Basically, as I understand it, physical HSMs are managed by a team of people who have physical keys to reset the HSM itself. That is, these people, let's say there are 3 of them, have 3 keys and each of them is needed to start or reset the HSM. In the cloud, however, for example with Amazon's CloudHSM, how does this happen? Why can't Amazon take the content in our CloudHSM? This team of people doesn't exist, so they still have full control of our encryption keys. Am I right? What am I missing?
Thank you very much.