Download Publication
.png)
CCM Video Series: CEK - Cryptography, Encryption, & Key Management
Release Date: 11/02/2024
In this presentation we explore the Cryptography, Encryption, and Key Management (CEK) domain within the Cloud Control Matrix (CCM) that comprises twenty-one control specifications. The CEK domain focuses on safeguarding Cloud Service Customers' (CSCs) data through cryptographic techniques, encryption, and effective key management. It plays an essential role in ensuring compliance with encryption standards and maintaining the confidentiality and integrity of sensitive information in cloud environments.
Under the Shared Security Responsibility Model (SSRM), Cloud Service Providers (CSPs) govern cryptography, encryption, and key management practices, ensuring they align with industry best practices and regulatory standards. CSPs manage the underlying infrastructure, provide secure key storage, and deliver encryption services. Meanwhile, CSCs take responsibility for encrypting their own sensitive data before uploading it to the cloud, managing their encryption keys, and assigning roles and responsibilities within their applications and data. They also oversee cryptographic risk and change management processes specific to their environment.
Collaboration between CSPs and CSCs in implementing CEK security controls is mutually beneficial. For CSPs, it strengthens the confidentiality and integrity of CSCs’ data, boosting the security and compliance of cloud services. For CSCs, working with CSPs ensures their unique cryptographic needs are addressed, reinforcing data protection and regulatory compliance.
Under the Shared Security Responsibility Model (SSRM), Cloud Service Providers (CSPs) govern cryptography, encryption, and key management practices, ensuring they align with industry best practices and regulatory standards. CSPs manage the underlying infrastructure, provide secure key storage, and deliver encryption services. Meanwhile, CSCs take responsibility for encrypting their own sensitive data before uploading it to the cloud, managing their encryption keys, and assigning roles and responsibilities within their applications and data. They also oversee cryptographic risk and change management processes specific to their environment.
Collaboration between CSPs and CSCs in implementing CEK security controls is mutually beneficial. For CSPs, it strengthens the confidentiality and integrity of CSCs’ data, boosting the security and compliance of cloud services. For CSCs, working with CSPs ensures their unique cryptographic needs are addressed, reinforcing data protection and regulatory compliance.
Download this Resource
Are you a research volunteer? Request to have your profile displayed on the website here.
Related Certificates & Training

Learn the core concepts, best practices and recommendation for securing an organization on the cloud regardless of the provider or platform. Covering all 14 domains from the CSA Security Guidance v4, recommendations from ENISA, and the Cloud Controls Matrix, you will come away understanding how to leverage information from CSA's vendor-neutral research to keep data secure on the cloud.
Learn more
Learn more