Key Management in Cloud Services
Release Date: 11/09/2020
Working Group: Cloud Key Management
There is little independent analysis and guidance in the public domain for addressing the intersection of key management and cloud services, despite the fact that key management is essential to an organization’s overall cloud security. This document by the Cloud Key Management Working Group attempts to fill this gap. It provides guidance for using KMS in conjunction with SaaS, PaaS, or IaaS cloud services—whether the KMS is native to a cloud platform, external, self-operated, or yet another cloud service. Through this document, you will learn how to meet security and compliance requirements that relate to key management, what the desired outcomes and limitations of encryption are, and which forms of KMS are appropriate for different use cases. Additional recommendations are provided for cloud service providers offering key management functionality to customers.
- The conceptual architecture of a KMS, including 4 examples of cloud KMS patterns
- Encryption key management and control, including example controls for the different phases of the key management lifecycle
- Recommendations for utilizing the 2 most commonly used API architectures in the industry: REST (REpresentational State TRansfer) and SOAP (Simple Object Access Protocol)
- Practical considerations for API management
- Features of 5 major cloud service providers’ KMS offerings
CSA is a community driven organization. We would like to send you updates about our ongoing initiatives and opportunities to participate.
Provide feedback on this form