Page 157 - CDM-CYBER-DEFENSE-eMAGAZINE-December-2018
Cryptographic Key Management Considerations for Secure
Cloud Computing
by Brian Jenkins, VP of Product, StrongKey
The cloud has gained enormous adoption due to the value of outsourced hardware and software
ownership and maintenance in multi-tenant environments. Organizations benefit from significant cost
savings, ease of use, and scalability benefits. This has been a particular boon for mid-sized businesses
since they don’t have to build out their own infrastructure.
When it comes to security, however, using the cloud is comparable to leaving your house key under
the door mat. You have outsourced not only your infrastructure but the encryption keys to your sensitive
data and files as well.
To be truly secure, you need to think about who has access to the encryption keys. Unless you have
exclusive control of your encryption keys, you could be at risk. Unfortunately, that is not the case with
the cloud and it’s one of the reasons why we continue to get apologetic emails notifying us that our data
has been compromised. Each cloud service and software-as-a-service provider represents a huge attack
surface and is therefore a serious target. With everything moving into the cloud, how do you make key
management work? This is a challenge that needs to be solved.
Keys in The Cloud
Organizations often assume they need a multi-tenant cloud solution (applications, database, files, and
everything else hosted in the cloud). This is the simplest concept since it’s easy to understand how
on-premise infrastructure can be visualized as cloud instances. However, moving key management systems
(KMS) to the cloud using any of the three common cloud-based options poses significant risks.