Membership
Join as a Business
Cloud Customers
Cloud Solution Providers
SaaS Solution Providers
CxO Initiative
Contact Us
Current Business Members
Cloud Customers
Cloud Solution Providers
Join as an Individual
Regional Chapters
Circle Community Forum
Research Working Groups
STAR Program
STAR Registry
STAR Home
Submit to Registry
Provide Feedback
What is the STAR Registry?
Learn how to stay compliant in the cloud.
CCAK Training
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
GDPR Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
CSA Approved STAR Assessment Firms
Certificates & Training
Events & Webinars
Learn and network while you earn CPE credits.
Events
CloudBytes Webinars
Certificates & Training
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Train my entire team
Training Instructors
Become an Instructor
Training Partners
Become a Training Partner
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
CxO Initiative
CloudBytes Webinars
Awards & Recognition
Ron Knode Awards
Research Fellows
Industry Specific Research
Financial Services
Healthcare
Getting Started with CSA Research
Best practices for cloud security
Assess your compliance to cloud standards
Security questionnaire for vendors
The top threats to cloud computing
View more
Architectures and Components
Enterprise Architecture
Hybrid Cloud Security
Emerging Technologies
Blockchain/Distributed Ledger
Internet of Things (IoT)
Quantum-safe Security
Securing DevOps
Application Containers and Microservices
DevSecOps
Serverless
Security Services
Enterprise Resource Planning
Cloud Key Management
Security as a Service
Zero Trust
Threat Intelligence
Incident Response
Top Threats
View all working groups

Cloud Key Management

Latest ResearchJoin Group
Key Management in Cloud Services
Key Management in Cloud Services

Download

Research Home
View Working Groups
Contribute
Download Publications
Peer Review: Recommendations for Adopting a Cloud-Native Key Management Service
Home
Research
Working Groups
Cloud Key Management
What is cloud key management?
Key management is the management of cryptographic keys in a cryptosystem. In order to achieve security in a system, cryptographic algorithms are used to generate keys which are later encrypted and decrypted to provide the requested information in a secure way. Cloud key management regards the service hosted on a cloud and where one can manage the symmetric and asymmetric cryptographic keys as on premise. 

Encryption key management is crucial to preventing unauthorized access to sensitive information.
(Encryption) Key management is important when dealing with security and privacy protection of the data contained, in order to prevent data loss/breach/contamination and comply with the relevant regulatory requirements. Key Management Systems, including hardware security modules and other cryptographic tools, are commonly used to meet compliance and data control requirements in addition to providing security benefits. Examples of reference standards that are widely used to guide and constrain KMS designs include NIST (the United States National Institute of Standards and Technologies, which authors the Federal Information Processing Standards, Common Criteria, and PCI DSS (Payment Card Industry Data Security Standard). 

What is CSA doing to address the challenges in cloud key management?
Cloud services are becoming ubiquitous in organizations of all sizes and customers are encountering many obligations and opportunities for using key management systems with those cloud services. As an area of emergent technical focus there is little independent analysis and guidance in the public domain for addressing the intersection of key management and cloud services.   

The Cloud Key Management Working Group will educate and provide guidance for the use of traditional and cloud key management systems with, and between, cloud services. 

Cloud Key Management

The Cloud Key Management working group aims to facilitate the standards for seamless integration between CSPs and key broker services.

Join Group

Next Meeting

Jun 15, 2021, 09:00AM PDT
Join the Meeting


Working Group Leadership

Mike Schrock Headshot

Mike Schrock

Paul Rich Headshot

Paul Rich

Join this working group

Cloud Security Research for Cloud Key Management

CSA Research crowd-sources the knowledge and expertise of security experts and helps address the challenges and needs they’ve experienced, or seen others experience, within the cybersecurity field. Each publication is vendor-neutral and follows the peer review process outlined in the CSA Research Lifecycle. We recommend getting started by reading the following documents.

Key Management when using Cloud Services

Key Management when using Cloud Services

The purpose of this document is to provide guidance for using Key Management Systems (KMS) with cloud services, whether the key management system is native to a cloud platform, external, self-operated, or yet another cloud service. Recommendations will be given to aid in determining which forms of key management systems are appropriate for different use cases. A cornerstone document for developing CSA EKM guidance is NISTIR 7956 (Cryptographic Key Management Issues & Challenges in Cloud Services. However, NISTIR 7956 does not address the necessity to first understand the business requirements and determine if encryption and KMS are even appropriate technologies. 

Download the guide
View All Research

Blog Posts

How to Ensure Data Protection in Multi-Cloud
Read Now
​Developing Key Management Systems
Read Now

Press Coverage

Article TitleSourceDate
Cloud Security Alliance Releases Key Management In Cloud Services: Understanding Encryption’s Desired Outcomes And LimitationsAIthorityNovember 10, 2020