Download Publication

Key management is the management of cryptographic keys in a cryptosystem. A reliable key management system (KMS) helps meet a business’s compliance and data control requirements and benefits the overall security of the organization.

There is little independent analysis and guidance in the public domain for addressing the intersection of key management and cloud services, despite the fact that key management is essential to an organization’s overall cloud security. This document by the Cloud Key Management Working Group attempts to fill this gap. It provides guidance for using KMS in conjunction with SaaS, PaaS, or IaaS cloud services—whether the KMS is native to a cloud platform, external, self-operated, or yet another cloud service. Through this document, you will learn how to meet security and compliance requirements that relate to key management, what the desired outcomes and limitations of encryption are, and which forms of KMS are appropriate for different use cases. Additional recommendations are provided for cloud service providers offering key management functionality to customers.

Key Takeaways:

• The conceptual architecture of a KMS, including 4 examples of cloud KMS patterns
• Encryption key management and control, including example controls for the different phases of the key management lifecycle
• Recommendations for utilizing the 2 most commonly used API architectures in the industry: REST (REpresentational State TRansfer) and SOAP (Simple Object Access Protocol)
• Practical considerations for API management
• Features of 5 major cloud service providers’ KMS offerings

Who It’s For: Any cloud providers or cloud customers concerned with key security. This may include CISOs, regulators, developers, architects, security staff, and compliance staff.