Key Management in Cloud Services

Release Date: 11/09/2020

Working Group: Cloud Key Management

Key management is the management of cryptographic keys in a cryptosystem. A reliable key management system (KMS) helps meet a business’s compliance and data control requirements and benefits the overall security of the organization.


There is little independent analysis and guidance in the public domain for addressing the intersection of key management and cloud services, despite the fact that key management is essential to an organization’s overall cloud security. This document by the Cloud Key Management Working Group attempts to fill this gap. It provides guidance for using KMS in conjunction with SaaS, PaaS, or IaaS cloud services—whether the KMS is native to a cloud platform, external, self-operated, or yet another cloud service. Through this document, you will learn how to meet security and compliance requirements that relate to key management, what the desired outcomes and limitations of encryption are, and which forms of KMS are appropriate for different use cases. Additional recommendations are provided for cloud service providers offering key management functionality to customers.


Key Takeaways:
  • The conceptual architecture of a KMS, including 4 examples of cloud KMS patterns
  • Encryption key management and control, including example controls for the different phases of the key management lifecycle
  • Recommendations for utilizing the 2 most commonly used API architectures in the industry: REST (REpresentational State Transfer) and SOAP (Simple Object Access Protocol)
  • Practical considerations for API management
  • Features of 5 major cloud service providers’ KMS offerings
Who It’s For: Any cloud providers or cloud customers concerned with key security. This may include CISOs, regulators, developers, architects, security staff, and compliance staff.

Acknowledgements

Michael Roza
Risk, Audit, Control and Compliance Professional at EVC

Since 2012 Michael has contributed to over 100 CSA projects completed by CSA's Internet of Things, Zero Trust/Software-Defined Perimeter, Top Threats, Cloud Control Matrix, Containers/Microservices, DevSecOps, and other working groups. He has also served as co-chair of CSA's Enterprise Architecture, Top Threats, and Security-as-a-Service working groups while also serving as the Standards Liaison Officer for IoT, ICS, EA, SECaaS, and Cloud K...

Marina Bregkou
Senior Research Analyst, CSA EMEA

Ashish Kurmi

Paul Rich
Executive Director, Data Management & Protection

Paul Rich is the executive director, data management and protection for JPMorgan Chase & Co., where he leads the strategy and implementation within the company for unstructured data protection both in the cloud and on-premises. He is the co-chair of the CSA Cloud Key Management Working Group, which he envisions as a means of hearing diverse perspectives on the use of cloud services and expectations for both data privacy and secu...

Mike Schrock
Senior Director Global Business Development – Cloud Strategy

Mike Schrock joined Thales Group (formerly Gemalto) in 2015 as the Senior Director, Business Development, managing Cloud Service Provider Strategy. Mr. Schrock is passionate about and has championed digital transformation for over twenty years in his technology alliance and executive management experience, particularly in the digital, cloud and network security, internet and mobile sectors. Prior to joining Gemalto, he held executive roles ...

Doug Egan
Director, Cybersecurity and Privacy

Doug is a Senior Cybersecurity leader of global IT security, privacy, compliance, service development and management, with over 17 years of global and domestic experience in security architecture, design and compliance, combined with over 20 years in Software Engineering. During his tenure at Computer Sciences Corporation (CSC), Doug led the development of complex managed security solutions, for the entire portfolio of the global Managed Se...

Subhojit Goswami

Anup Marwaha
Sr Technical Director

Cyber security leader with hands-on experience in enhancing security posture for global Enterprises. Helping DevSecOps achieve enterprise grade key management, to reduce risk & deliver enhanced security solutions. Expertise in addressing needs in the field of digital trust & data protection.

Christiane Peters
