Register for CSA’s SECtember conference and trainings today


Research Topic

Cloud Key Management

Latest ResearchWorking Group
Recommendations for Adopting a Cloud-Native Key Management Service
Recommendations for Adopting a Cloud-Native Key Management Service


Cloud Key Management
What is cloud key management?
Key management is the management of cryptographic keys in a cryptosystem. In order to achieve security in a system, cryptographic algorithms are used to generate keys which are later encrypted and decrypted to provide the requested information in a secure way. 
Cloud key management regards the service hosted on a cloud and where one can manage the symmetric and asymmetric cryptographic keys as on premise. 

Encryption key management is crucial to preventing unauthorized access to sensitive information.
(Encryption) Key management is important when dealing with security and privacy protection of the data contained, in order to prevent data loss/breach/contamination and comply with the relevant regulatory requirements. Key Management Systems, including hardware security modules and other cryptographic tools, are commonly used to meet compliance and data control requirements in addition to providing security benefits. Examples of reference standards that are widely used to guide and constrain KMS designs include NIST (the United States National Institute of Standards and Technologies, which authors the Federal Information Processing Standards, Common Criteria, and PCI DSS (Payment Card Industry Data Security Standard). 

What is CSA doing to address the challenges in cloud key management?
As an area of emergent technical focus there is little independent analysis and guidance in the public domain for addressing the intersection of key management and cloud services. The Cloud Key Management Working Group will educate and provide guidance for the use of traditional and cloud key management systems with, and between, cloud services. If you are wondering how to start learning more, you can read their recommendations for choosing, planning, and deploying cloud-native Key Management Systems (KMS.

Cloud Key Management

Discuss this topic in Circle

Have an interesting article or video on this topic that you want to share? Anyone can join the discussion community for this topic to share ideas or ask questions.

View discussion community

Participate in Cloud Key Management Research

The Cloud Key Management working group aims to facilitate the standards for seamless integration between CSPs and key broker services.

View the working group

Cloud Security Research for Cloud Key Management

CSA Research crowd-sources the knowledge and expertise of security experts and helps address the challenges and needs they’ve experienced, or seen others experience, within the cybersecurity field. Each publication is vendor-neutral and follows the peer review process outlined in the CSA Research Lifecycle. We recommend getting started by reading the following documents.

Key Management when using Cloud Services

Key Management when using Cloud Services

The purpose of this document is to provide guidance for using Key Management Systems (KMS) with cloud services, whether the key management system is native to a cloud platform, external, self-operated, or yet another cloud service. Recommendations will be given to aid in determining which forms of key management systems are appropriate for different use cases. A cornerstone document for developing CSA EKM guidance is NISTIR 7956 (Cryptographic Key Management Issues & Challenges in Cloud Services. However, NISTIR 7956 does not address the necessity to first understand the business requirements and determine if encryption and KMS are even appropriate technologies. 

Recommendations for Adopting a Cloud-Native Key Management Service

Recommendations for Adopting a Cloud-Native Key Management Service

The purpose of this document is to provide general guidance for choosing, planning, and deploying cloud-native Key Management Systems (KMS). From a high-level, the recommendations are applicable to a scenario where a customer has chosen to use the cloud service provider’s KMS, including the provider’s hardware key protection feature. The recommendations provided in this paper covers mainstream business and IT usage of hybrid and cloud technologies. 

Cloud Key Management Charter

Cloud Key Management Charter

The working group’s scope is to promote guidelines, best practices and standards that enhance the lives of technology professionals tasked with adopting and optimizing key management systems for use with cloud services. It aims to describe the state of the world (the “as-is”) regarding cloud key management and promote interoperability between legacy and cloud-hosted key management systems. It also assists with the pursuit of compliance to established standards (e.g. IETF, NIST) and documents and promotes the standardization and usage of emergent technical terms. Lastly, it assists with architecture, adoption, deployment, and robust operations


Security-as-Code:  What's Real and What's Possible with Self-Service and Developer Speed Governance
Security-as-Code: What's Real and What's Possible with Self...

October 26 | TBD

Learn more

Blog Posts

Cloud Key Management 101: Cryptographic Keys and Algorithms
With Multi-Device Fido Credentials, You Can Now Go All-in on Passwordless
How to Protect Your Crypto from Hackers