Key Management Considerations for Cloud Computing
Level of Protection
- Encryption keys must be secured at the same level of control or higher as the data they protect
Key Recovery
- need to have the ability to recover keys in case the original user leaves the company, loses their password, etc.
- process usually entails multiple people
  - each has a portion of the key
- uses a key escrow system
Key Distribution
- Out-of-band key distribution can be a good idea
- cloud platforms usually support key distribution natively
- may need to create keys locally, then upload them
- may use a cloud key management service
Key Revocation
- organization needs a process for suspending a key or a user’s ability to use a key
- keys are marked as revoked
- may use a centralized implementation
Key Escrow
- key escrow is used to hold keys in a secure way so that they can be recovered by authorized parties
- copy of a key is held by a trusted third party in a secure environment
- BitLocker keys for Windows workstations are often escrowed
Key Lifetime
- Keys shouldn’t live forever
- determining key life is an important part of the security design process
- best practices are found in NIST’s key management guidelines
Outsourcing Key Management
- keys should not be stored with the data they are protecting
- don’t make access to keys readily available without authorization and need to know
- in cloud computing, preferable to store keys somewhere other than the cloud provider’s data center
  - organization itself can retain keys
    - requires infrastructure and skilled personnel
  - can use a CASB
    - third-party organization that handles IAM and key management services for cloud customers
    - cost of CASB is lower than managing keys yourself
    - e.g.,
      - Zscaler
      - Netskope
      - McAfee’s Enterprise CASB tool