Page 158 - CDM-CYBER-DEFENSE-eMAGAZINE-December-2018

Outsourced KMS (the cloud service provider owns the keys): Cloud vendors will say that all your data and files are secured and encrypted. That's good – except if the provider or your account credentials to the provider get hacked (as happened in Uber's case with AWS). Your files may be encrypted, but if you're storing your encryption keys with the same provider, then an attacker who gains access to your keys as well can decrypt everything.

Cloud KMS (you own the keys, but they're stored in cloud software): A software-based, multi-tenant cloud KMS is especially ill-suited for cryptographic key management. Since hardware resources are shared across multiple clients, the protection of these keys carries a higher level of risk – the Spectre and Meltdown vulnerabilities are testament to this.

Cloud HSM (you own the keys, but they're stored in cloud hardware): The "gold standard" for protecting encryption keys is the secure cryptoprocessor – hardware security modules (HSM) and trusted platform modules (TPM). Although certain risks are mitigated by using a cloud-based HSM or TPM, the fact remains that in the cloud, even applications that use secure cryptoprocessors are still part of a multi-tenant infrastructure. Between attacking a purpose-built hardware cryptoprocessor and attacking an application running in a multi-tenant environment, the application is always the easier target from an attacker's point of view.



            Obey the Laws

Even if you trust the cloud to provide all of the industry buzzwords about perimeter security with next-generation firewalls, intrusion detection, and other protective measures, securing the core elements your business depends on – sensitive data and files – against breaches requires encryption using the fundamental "Laws of Cryptographic Key Management":

1. Cryptographic keys must be protected under the control of secure cryptoprocessors (HSM/TPM).

2. Cryptographic keys must be under the exclusive control of multiple key custodians within a single organization.

3. The parts of the application that use cryptoprocessors to operate on sensitive data must not execute within public multi-tenant environments – not only is sensitive data already unprotected in the multi-tenant environment, but so are the secrets that authenticate the application to the cryptoprocessor, potentially allowing an attacker to use the secure cryptoprocessor itself to decrypt the protected data.
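Law 2 asks that no single person be able to reconstruct a key. The usual way to meet it is to split the key among custodians so that only a quorum of them, acting together, can rebuild it. The following is an added example (not code from the article or any vendor) implementing m-of-n split knowledge with Shamir secret sharing over GF(2^8), applied byte by byte to a constructed 16-byte key; share coordinates x = 1..n and the AES field polynomial are the assumptions built in.

```python
import secrets

def _gf_mul(a: int, b: int) -> int:
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        a = ((a << 1) ^ 0x1B) & 0xFF if a & 0x80 else a << 1
        b >>= 1
    return p

def _gf_inv(a: int) -> int:
    """Multiplicative inverse in GF(2^8) by exhaustive search (a != 0)."""
    return next(i for i in range(1, 256) if _gf_mul(a, i) == 1)

def split_key(key: bytes, n: int, m: int) -> list[tuple[int, bytes]]:
    """Issue n custodian shares (x, y_bytes) of key; any m of them rebuild it.
    Per key byte: a random degree m-1 polynomial whose constant term is the byte."""
    if not 1 < m <= n < 256:
        raise ValueError("need 1 < m <= n < 256")
    polys = [[b] + [secrets.randbelow(256) for _ in range(m - 1)] for b in key]
    shares = []
    for x in range(1, n + 1):  # x = 0 is never issued: it would be the key itself
        y = bytearray()
        for poly in polys:
            acc = 0
            for c in reversed(poly):  # Horner evaluation of poly at x
                acc = _gf_mul(acc, x) ^ c
            y.append(acc)
        shares.append((x, bytes(y)))
    return shares

def combine_shares(shares: list[tuple[int, bytes]]) -> bytes:
    """Lagrange interpolation at x = 0 over the shares the custodians present."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate custodian share")
    key = bytearray()
    for i in range(len(shares[0][1])):
        acc = 0
        for xj, yj in shares:
            num = den = 1
            for xk in xs:
                if xk != xj:
                    num = _gf_mul(num, xk)       # (0 - xk) == xk in characteristic 2
                    den = _gf_mul(den, xj ^ xk)  # (xj - xk)
            acc ^= _gf_mul(yj[i], _gf_mul(num, _gf_inv(den)))
        key.append(acc)
    return bytes(key)
```

With shares issued by `split_key(key, 5, 3)`, any three custodians recover the key and any two are left with a value unrelated to it; the same quorum idea is what HSM key-ceremony smart cards implement.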

            Unfortunately, no currently designed public cloud can meet these essential requirements. Organizations
            that leave security solely in the hands of cloud providers could be in for a rude awakening.
