Who it's for:
- Security Architects
- IT Analyst
- System Integrators
- Compliance Managers
- Cybersecurity Professionals
- Program and Project Managers
- Cloud Customers
Recommendations for Adopting a Cloud-Native Key Management Service
Release Date: 09/14/2021
Working Group: Cloud Key Management
This document will help organizations understand how to assess and implement cloud key management services with regard to an organization’s needs for key management. It is then up to the customer to then use encryption keys (or other artifacts, such as secrets) in ways that follow encryption best practices.
- Learn how to create a list of requirements that the provider can meet.
- When planning for deployment, learn how to create a list of requirements that will be used by the user deploying the cloud-native KMS.
- Understand how to perform the processes required to set up the KMS and start utilizing its services.
CSA is a community driven organization. We would like to send you updates about our ongoing initiatives and opportunities to participate.
Provide feedback on this form
Executive Director, Data Management & Protection
Paul Rich is the executive director, data management and protection for JPMorgan Chase & Co., where he leads the strategy and implementation within the company for unstructured data protection both in the cloud and on-premises. He is the co-chair of the CSA Cloud Key Management Working Group, which he envisions as a means of hearing diverse perspectives on the use of cloud services and expectations for both data privacy and secu...
Risk, Audit, Control and Compliance Professional
Michael Roza is a risk, audit, control and compliance professional with 20-plus years of experience with organizations such as Bridgestone EMEA, Komatsu International, Mitsui Novus International, Johnson and Johnson Inc., and Baxter, Inc. Within CSA, he has served as lead author/contributor for 11 projects completed by CSA’s Internet of Things, Blockchain/Distributed Ledger, Top Threats, Cloud Control Matrix, and Software-Defined P...
Senior Director Global Business Development – Cloud Strategy
Mike Schrock joined Thales Group (formally Gemalto) in 2015 as the Senior Director, Business Development, managing Cloud Service Provider Strategy. Mr. Schrock is passionate about and has championed digital transformation for over twenty years in his technology alliance and executive management experience, particularly in the digital, cloud and network security, internet and mobile sectors. Prior to joining Gemalto, he held executive roles ...
Senior advisor Security & Compliance at Akamai Technologies
Vani is an active contributor to several Cloud Security Alliance working groups, including Application Containers and Microservices, Serverless, Top threats, Cloud Control Matrix (CCMv4), SDP Expert Group (Advisory Group to the Office of the CTO), Cloud Key Management etc. Vani has co-authored publications such as "How to Design a Secure Serverless Architecture", "CCM v4.0 Implementation Guidelines", "Cloud Top Threats". She has...