Download Publication
Key Management in Cloud Services
Release Date: 11/09/2020
Working Group: Cloud Key Management
- The conceptual architecture of a KMS, including 4 examples of cloud KMS patterns
- Encryption key management and control, including example controls for the different phases of the key management lifecycle
- Recommendations for utilizing the 2 most commonly used API architectures in the industry: REST (REpresentational State TRansfer) and SOAP (Simple Object Access Protocol)
- Practical considerations for API management
- Features of 5 major cloud service providers’ KMS offerings
Download this Resource
Prefer to access this resource without an account? Download it now.
Acknowledgements
Michael Roza
Risk, Audit, Control and Compliance Professional
Since 2012 Michael has contributed to over 100 CSA projects completed by CSA's Internet of Things, Zero Trust/Software-Defined Perimeter, Top Threats, Cloud Control Matrix, Containers/Microservices, DevSecOps, and other working groups. He has also served as co-chair of CSA's Enterprise Architecture, Top Threats, and Security-as-a-Service working groups while also serving as the Standards Liaison Officer for IoT, ICS, EA, SECaaS, and Cloud K...
Marina Bregkou
Senior Research Analyst, CSA EMEA
Ashish Kurmi
Paul Rich
Executive Director, Data Management & Protection
Paul Rich is the executive director, data management and protection for JPMorgan Chase & Co., where he leads the strategy and implementation within the company for unstructured data protection both in the cloud and on-premises. He is the co-chair of the CSA Cloud Key Management Working Group, which he envisions as a means of hearing diverse perspectives on the use of cloud services and expectations for both data privacy and secu...
Mike Schrock
Senior Director Global Business Development – Cloud Strategy
Mike Schrock joined Thales Group (formally Gemalto) in 2015 as the Senior Director, Business Development, managing Cloud Service Provider Strategy. Mr. Schrock is passionate about and has championed digital transformation for over twenty years in his technology alliance and executive management experience, particularly in the digital, cloud and network security, internet and mobile sectors. Prior to joining Gemalto, he held executive roles ...
Doug Egan
Director, Cybersecurity and Privacy
Doug is a Senior Cybersecurity leader of global IT security, privacy, compliance, service development and management, with over 17 years of global and domestic experience in security architecture, design and compliance, combined with over 20 years in Software Engineering. During his tenure at Computer Sciences Corporation (CSC), Doug led the development of complex managed security solutions, for the entire portfolio of the global Managed Se...
Subhojit Goswami
Anup Marwaha
Sr Technical Director
Cyber security leader with hands-on experience in enhancing security posture for global Enterprises. Helping DevSecOps achieve enterprise grade key management, to reduce risk & deliver enhanced security solutions. Expertise in addressing needs in the field of digital trust & data protection.
Christiane Peters
Interested in helping develop research with CSA?
Related Certificates & Training
CSA's Cloud Infrastructure Security training provides a high-level introduction to the most critical cloud security topics through virtual self-paced courses. Each Cloud Infrastructure Security training focuses on a specific area of cloud computing, and is design to be succinct, taking one-hour to complete.
Learn more