Cloud Key Management

Latest ResearchJoin Group
Recommendations for Adopting a Cloud-Native Key Management Service
Recommendations for Adopting a Cloud-Native Key Management Service

Download

Peer Review: Cloud Key Management System with External Origin Key
Cloud Key Management
What is cloud key management?
Key management is the management of cryptographic keys in a cryptosystem. In order to achieve security in a system, cryptographic algorithms are used to generate keys which are later encrypted and decrypted to provide the requested information in a secure way. Cloud key management regards the service hosted on a cloud and where one can manage the symmetric and asymmetric cryptographic keys as on premise. 

Encryption key management is crucial to preventing unauthorized access to sensitive information.
(
Encryption) Key management is important when dealing with security and privacy protection of the data contained, in order to prevent data loss/breach/contamination and comply with the relevant regulatory requirements. Key Management Systems, including hardware security modules and other cryptographic tools, are commonly used to meet compliance and data control requirements in addition to providing security benefits. Examples of reference standards that are widely used to guide and constrain KMS designs include NIST (the United States National Institute of Standards and Technologies, which authors the Federal Information Processing Standards, Common Criteria, and PCI DSS (Payment Card Industry Data Security Standard). 

What is CSA doing to address the challenges in cloud key management?
As an area of emergent technical focus there is little independent analysis and guidance in the public domain for addressing the intersection of key management and cloud services.  The Cloud Key Management Working Group will educate and provide guidance for the use of traditional and cloud key management systems with, and between, cloud services. If you are wondering how to start learning more, you can read their recommendations for choosing, planning, and deploying cloud-native Key Management Systems (KMS.

Cloud Key Management

The Cloud Key Management working group aims to facilitate the standards for seamless integration between CSPs and key broker services.

Next Meeting

Nov 02, 2021, 09:00AM PDT
Join the Meeting



Working Group Leadership

Mike Schrock Headshot
Mike Schrock
Mike Schrock

Senior Director Global Business Development – Cloud Strategy

Mike Schrock joined Thales Group (formally Gemalto) in 2015 as the Senior Director, Business Development, managing Cloud Service Provider Strategy. Mr. Schrock is passionate about and has championed digital transformation for over twenty years in his technology alliance and executive management experience, particularly in the digital, cloud and network security, internet and mobile sectors. Prior to joining Gemalto, he held executive roles ...

Read more

Paul Rich Headshot
Paul Rich
Paul Rich

Executive Director, Data Management & Protection

Paul Rich is the executive director, data management and protection for JPMorgan Chase & Co., where he leads the strategy and implementation within the company for unstructured data protection both in the cloud and on-premises. He is the co-chair of the CSA Cloud Key Management Working Group, which he envisions as a means of hearing diverse perspectives on the use of cloud services and expectations for both data privacy and secu...

Read more

Join this Circle Group

Cloud Security Research for Cloud Key Management

CSA Research crowd-sources the knowledge and expertise of security experts and helps address the challenges and needs they’ve experienced, or seen others experience, within the cybersecurity field. Each publication is vendor-neutral and follows the peer review process outlined in the CSA Research Lifecycle. We recommend getting started by reading the following documents.

Key Management when using Cloud Services

Key Management when using Cloud Services

The purpose of this document is to provide guidance for using Key Management Systems (KMS) with cloud services, whether the key management system is native to a cloud platform, external, self-operated, or yet another cloud service. Recommendations will be given to aid in determining which forms of key management systems are appropriate for different use cases. A cornerstone document for developing CSA EKM guidance is NISTIR 7956 (Cryptographic Key Management Issues & Challenges in Cloud Services. However, NISTIR 7956 does not address the necessity to first understand the business requirements and determine if encryption and KMS are even appropriate technologies. 

Recommendations for Adopting a Cloud-Native Key Management Service

Recommendations for Adopting a Cloud-Native Key Management Service

The purpose of this document is to provide general guidance for choosing, planning, and deploying cloud-native Key Management Systems (KMS). From a high-level, the recommendations are applicable to a scenario where a customer has chosen to use the cloud service provider’s KMS, including the provider’s hardware key protection feature. The recommendations provided in this paper covers mainstream business and IT usage of hybrid and cloud technologies. 

Blog Posts

Think Your Data is Secure? Three Questions You Need to Answer Right Now
The Adoption of Multi-Cloud Drives the Need for Better Data Protection and Management of Encryption Keys and Policy Controls
Split Knowledge: Literally the Key to Secure Encryption