Cloud Key Management

Latest ResearchJoin Group
Key Management in Cloud Services
Key Management in Cloud Services


Join this Circle Group
Cloud Key Management
What is cloud key management?
Key management is the management of cryptographic keys in a cryptosystem. In order to achieve security in a system, cryptographic algorithms are used to generate keys which are later encrypted and decrypted to provide the requested information in a secure way. Cloud key management regards the service hosted on a cloud and where one can manage the symmetric and asymmetric cryptographic keys as on premise. 

Encryption key management is crucial to preventing unauthorized access to sensitive information.
Encryption) Key management is important when dealing with security and privacy protection of the data contained, in order to prevent data loss/breach/contamination and comply with the relevant regulatory requirements. Key Management Systems, including hardware security modules and other cryptographic tools, are commonly used to meet compliance and data control requirements in addition to providing security benefits. Examples of reference standards that are widely used to guide and constrain KMS designs include NIST (the United States National Institute of Standards and Technologies, which authors the Federal Information Processing Standards, Common Criteria, and PCI DSS (Payment Card Industry Data Security Standard). 

What is CSA doing to address the challenges in cloud key management?
Cloud services are becoming ubiquitous in organizations of all sizes and customers are encountering many obligations and opportunities for using key management systems with those cloud services. As an area of emergent technical focus there is little independent analysis and guidance in the public domain for addressing the intersection of key management and cloud services.   

The Cloud Key Management Working Group will educate and provide guidance for the use of traditional and cloud key management systems with, and between, cloud services. 

Cloud Key Management

The Cloud Key Management working group aims to facilitate the standards for seamless integration between CSPs and key broker services.

Next Meeting

Jul 27, 2021, 09:00AM PDT
Join the Meeting

Working Group Leadership

Mike Schrock Headshot

Mike Schrock

Paul Rich Headshot

Paul Rich

Join this Circle Group

Cloud Security Research for Cloud Key Management

CSA Research crowd-sources the knowledge and expertise of security experts and helps address the challenges and needs they’ve experienced, or seen others experience, within the cybersecurity field. Each publication is vendor-neutral and follows the peer review process outlined in the CSA Research Lifecycle. We recommend getting started by reading the following documents.

Key Management when using Cloud Services

Key Management when using Cloud Services

The purpose of this document is to provide guidance for using Key Management Systems (KMS) with cloud services, whether the key management system is native to a cloud platform, external, self-operated, or yet another cloud service. Recommendations will be given to aid in determining which forms of key management systems are appropriate for different use cases. A cornerstone document for developing CSA EKM guidance is NISTIR 7956 (Cryptographic Key Management Issues & Challenges in Cloud Services. However, NISTIR 7956 does not address the necessity to first understand the business requirements and determine if encryption and KMS are even appropriate technologies. 

Blog Posts

Split Knowledge: Literally the Key to Secure Encryption
How to Ensure Data Protection in Multi-Cloud
​Developing Key Management Systems