Cloud 101CircleEventsBlog
Master CSA’s Security, Trust, Assurance, and Risk program—download the STAR Prep Kit for essential tools to enhance your assurance!

Defining Cloud Key Management: 7 Essential Terms

Published 05/01/2024

Defining Cloud Key Management: 7 Essential Terms
Written by Megan Theimer, Content Program Specialist, CSA.

In the realm of cloud security, understanding key management is paramount to safeguarding sensitive data. Encryption, key generation, and access control help ensure that sensitive information remains unreadable and inaccessible to unauthorized parties. Without a thorough understanding of cloud key management concepts, organizations risk leaving vulnerabilities unaddressed, potentially exposing themselves to data breaches, compliance violations, and reputational damage.

In this blog post, we will help you embark on your cloud key management journey by defining 7 essential terms related to cloud key management and providing additional CSA resources where you can dive deeper into these concepts.


1. Cryptography

The encryption techniques that safeguard data that is used or stored in the cloud.

Learn how key management works in conjunction with cloud services.


2. Cloud Key Management

The management of cryptographic keys in a cryptosystem hosted on a cloud. In order to achieve security in a system, cryptographic algorithms are used to generate keys which are later encrypted and decrypted to provide the requested information in a secure way. One can manage the cryptographic keys as on premise.

Begin planning your key management solutions.


3. Cloud-Native Key Management System (KMS)

A KMS that is built and owned by the same provider that delivers the cloud service the customer consumes. All components of the KMS are in the cloud.

Securely adopt a cloud-native KMS.


4. Public Key Infrastructure (PKI)

The framework and services that provide for the generation, production, distribution, control, accounting, and destruction of public key certificates. Components include the personnel, policies, processes, server platforms, software, and workstations used to administer certificates and public-private key pairs.

Consider these features when you adopt a cloud PKI.


5. Separation of Duties (SOD)

The principle that no user should be given enough privileges to misuse the system on their own. For example, in a key management context, the critical functions of a key process should be dispersed to more than one person or department.

Review 5 long-standing principles of Zero Trust security, including SOD.


6. Symmetric Encryption

Use of a single shared secret held by one or more authorized parties for encrypting and decrypting data and communications. Uses the same cryptographic keys for both the encryption of plaintext and the decryption of ciphertext.

Clarify the differences between the various types of cryptographic keys.


7. Asymmetric Encryption

A relatively newer encryption method that uses mathematically linked public and private key pairs to encrypt and decrypt data between trusted parties.

Understand how quantum computing threatens asymmetric encryption.



Explore all of CSA’s cloud key management resources.

Share this content on your favorite social network today!