Key Management in the Cloud

Ownership, Control, and Possession

As organizations increasingly migrate applications, workloads, and data to the cloud, establishing how to manage the cryptographic keys that protect these critical resources is an area of much debate. While some organizations are content to allow cloud service providers (CSPs) to generate and manage cryptographic keys for them, manage, others might feel it’s at odds with their security policies.

In this white paper we examine the concepts of ownership, control, and possession of cryptographic keys, and how they can inform your choices when using cloud services based on:

• Extent that your organization has migrated to the cloud
• Specific controls you wish to maintain
• Compliance with security policies and regulations