
Cloud Security Alliance Offers Recommendations for Using Customer Controlled Key Store

Document offers guidance for implementing a key management system (KMS) that is a dependency of a cloud service without being hosted by the service

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, released Recommendations for Using a Customer Controlled Key Store. Written by CSA’s Cloud Key Management Working Group, the paper offers guidance to organizations that opt to use a customer controlled key store (CCKS), whereby the key management system (KMS) is external to a cloud service provider (CSP) despite the KMS being a dependency of a cloud service.

“Because CCKS is still relatively new within cloud computing, there isn’t a deep bench of best practices available. Even so, this pattern is growing in popularity and because of this, we felt it imperative to provide a sound set of guidelines that will help companies taking this path optimize their security and related costs, as well as their operational and business agility,” said Paul Rich, a lead author and co-chair of the Cloud Key Management Working Group.

Because CCKS deals with the integration of a chosen KMS and at least one public cloud service, the document provides recommendations for choosing, planning, and deploying a KMS within the context of an integration pattern. It offers guidance pertaining to the technical, operational, legal, regulatory, and financial issues that an enterprise must consider when opting for a CCKS.

Using a CCKS presents numerous challenges, not the least of which is establishing a rationale for selecting a more complex and costly pattern. Despite the potential hurdles, there are several reasons a company might opt to use a CCKS, including:

  • Control of some or all facets of key management
  • Elimination of a cloud service provider’s ability to process customer data in plaintext
  • A desire to simplify operational complexity, security, and cost by reducing the number of KMS instances
  • Regulatory or contractual obligations surrounding KMS, standards, or operations
  • Vendor lock-in

“With this document, we hope to guide the program or project manager as they lead their company through the CCKS lifecycle, providing them with the critical information they need to successfully map the pattern to their organization,” said Michael Born, one of the paper’s lead authors.

The Cloud Key Management Working Group aims to facilitate the standards for seamless integration between cloud service providers and key broker services. Individuals interested in becoming involved in Cloud Key Management future research and initiatives are invited to join the working group.

Download the full document. Those interested in gaining a deeper understanding of Cloud Key Management Service patterns, as well as guidance for its use, are encouraged to read Key Management in Cloud Services: Understanding Encryption’s Desired Outcomes and Limitations.
