Thursday, March 3, 2016

Cloud Security & Key Management

Does one leverage a cloud provider's implicit encryption keys, their own key management system (KMS) service, or use a third-party?

First, it makes sense for an org to rely on a cloud provider's implicit key management until they are of scale to have InfoSec FTEs.

Second, some cloud consumers use multiple cloud providers (AWS, Rackspace), while some use a cloud provider via multiple regions.  So, as always it is about the requirements and budget.

With that said, here are some options:

  • AWS KMS
  • Rackspace / OpenStack Cloud Keep 
  • Vormetric
  • KeyNexus
  • Intuit
Also note that software providers, especially database vendors, also have their own offerings:

  • Microsoft
  • Oracle
As usual, there is no silver bullet, though crypto is something that a org certainly needs to do correctly.

No comments:

Post a Comment