Encryption key management is crucial to preventing unauthorized access to sensitive information.
Cloud Security Alliance offers tips for using a customer controlled key store (September 27, 2022)
Retaining Customer Control in a Multi-Cloud Environment (October 26, 2022)
Cloud Security Research for Cloud Key Management
CSA Research crowd-sources the knowledge and expertise of security experts and helps address the challenges and needs they’ve experienced, or seen others experience, within the cybersecurity field. Each publication is vendor-neutral and follows the peer review process outlined in the CSA Research Lifecycle. We recommend getting started by reading the following documents.
Key Management when using Cloud Services
The purpose of this document is to provide guidance for using Key Management Systems (KMS) with cloud services, whether the key management system is native to a cloud platform, external, self-operated, or yet another cloud service. Recommendations will be given to aid in determining which forms of key management systems are appropriate for different use cases. A cornerstone document for developing CSA EKM guidance is NISTIR 7956 (Cryptographic Key Management Issues & Challenges in Cloud Services). However, NISTIR 7956 does not address the necessity to first understand the business requirements and determine if encryption and KMS are even appropriate technologies.
Recommendations for Adopting a Cloud-Native Key Management Service
The purpose of this document is to provide general guidance for choosing, planning, and deploying cloud-native Key Management Systems (KMS). At a high level, the recommendations are applicable to a scenario where a customer has chosen to use the cloud service provider’s KMS, including the provider’s hardware key protection feature. The recommendations provided in this paper cover mainstream business and IT usage of hybrid and cloud technologies.
Cloud Key Management Charter
The working group’s scope is to promote guidelines, best practices and standards that enhance the lives of technology professionals tasked with adopting and optimizing key management systems for use with cloud services. It aims to describe the state of the world (the “as-is”) regarding cloud key management and promote interoperability between legacy and cloud-hosted key management systems. It also assists with the pursuit of compliance with established standards (e.g. IETF, NIST) and documents and promotes the standardization and usage of emergent technical terms. Lastly, it assists with architecture, adoption, deployment, and robust operations