Working Group

Cloud Key Management

The Cloud Key Management working group aims to facilitate the standards for seamless integration between CSPs and key broker services.
Sign-Up View Current Projects
Recommendations for Adopting a Cloud-Native Key Management Service
Recommendations for Adopting a Cloud-Native Key Management Service


Cloud Key Management
Working Group Overview

The working group will author guidelines and best practices, and promote standards that enhance the lives of technology professionals tasked with adopting and optimizing key management systems for use with cloud services.

What do we discuss during our meetings? 

During these meetings we typically discuss changes in the industry that relate to cloud key management, and collaborate on projects the group is working on.

Drafts & Important Docs

Working Group Leadership

Mike Schrock Headshot
Mike Schrock

Mike Schrock

Senior Director Global Business Development – Cloud Strategy

Mike Schrock joined Thales Group (formally Gemalto) in 2015 as the Senior Director, Business Development, managing Cloud Service Provider Strategy. Mr. Schrock is passionate about and has championed digital transformation for over twenty years in his technology alliance and executive management experience, particularly in the digital, cloud and network security, internet and mobile sectors. Prior to joining Gemalto, he held executive roles ...

Read more

Paul Rich Headshot
Paul Rich

Paul Rich

Executive Director, Data Management & Protection

Paul Rich is the executive director, data management and protection for JPMorgan Chase & Co., where he leads the strategy and implementation within the company for unstructured data protection both in the cloud and on-premises. He is the co-chair of the CSA Cloud Key Management Working Group, which he envisions as a means of hearing diverse perspectives on the use of cloud services and expectations for both data privacy and secu...

Read more

Publications in ReviewOpen Until
Top Threats to Cloud Computing Pandemic ElevenMay 21, 2022
Third-Party Vendor Risk ManagementJun 13, 2022
View all
Who can join?

Anyone can join a working group, whether you have years of experience or want to just participate as a fly on the wall.

What is the time commitment?

The time commitment for this group varies depending on the project. You can spend a 15 minutes helping review a publication that's nearly finished or help author a publication from start to finish.

Virtual Meetings

Attend our next meeting. You can just listen in to decide if this group is a good for you or you can choose to actively participate. During these calls we discuss current projects, and well as share ideas for new projects. This is a good way to meet the other members of the group. You can view all research meetings here.

Open Peer Reviews

Peer reviews allow security professionals from around the world to provide feedback on CSA research before it is published.

Learn how to participate in a peer review here.

Top Threats to Cloud Computing Pandemic Eleven

Open Until: 05/21/2022

The Top Threats reports have traditionally aimed to raise awareness of threats, risks, and vulnerabilities in the ...

Third-Party Vendor Risk Management

Open Until: 06/13/2022

The increased use of third-party vendors for applications and data processing services is a business model that is likely t...