Key Management in the Cloud

By Tim Mather
January 7, 2010 | Comments: 1

Cryptographic key management in the enterprise today is broken. It is a failed model of proprietary 'solutions' that is neither effective nor scalable. If we expect key management to work in the cloud, we need a new model. Fortunately, OASIS (Organization for the Advancement of Structured Information Standards), and specifically its Key Management Interoperability Protocol (KMIP) Technical Committee (TC), is working on an improved model: a single, vendor-neutral protocol between enterprise key management servers and the clients that use their keys. While KMIP will certainly improve enterprise key management, that improvement alone is still not enough to scale to cloud computing.

What cloud computing needs is federated key management. By analogy with federated identity management, federated key management is needed for inter-enterprise (cross-enterprise) and cloud use. The primary issues to address in key management for cloud computing are not only interoperability, which KMIP is addressing, but also scalability, which KMIP is not addressing.
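What the KMIP interoperability work actually standardizes is a wire format and a fixed set of operations between a key management server and its clients. As an added illustration (example code written for this page, not code from the post or from the OASIS TC), the following Python encodes a KMIP 1.0 Get request in KMIP's TTLV (Tag-Type-Length-Value) encoding and parses it back. The tag numbers, type codes and the Get operation value are those assigned in the KMIP 1.0 specification; the key identifier "key-0001" is a constructed sample value. Note what the message does not carry: nothing in it says which organization issued the key or under what cross-enterprise agreement it may be released, which is exactly the federation gap the post is pointing at.

```python
"""Minimal KMIP 1.0 TTLV encoder/decoder for a Get request (added example)."""
import struct

# Tag values as assigned in KMIP 1.0 (each tag is a 3-byte value).
TAG = {
    "RequestMessage": 0x420078,
    "RequestHeader": 0x420077,
    "ProtocolVersion": 0x420069,
    "ProtocolVersionMajor": 0x42006A,
    "ProtocolVersionMinor": 0x42006B,
    "BatchCount": 0x42000D,
    "BatchItem": 0x42000F,
    "Operation": 0x42005C,
    "RequestPayload": 0x420079,
    "UniqueIdentifier": 0x420094,
}
TAG_NAME = {v: k for k, v in TAG.items()}

# Type codes from KMIP 1.0.
STRUCTURE, INTEGER, ENUMERATION, TEXT_STRING = 0x01, 0x02, 0x05, 0x07
OPERATION_GET = 0x0A  # Operation enumeration value for Get


def _pad8(value: bytes) -> bytes:
    """TTLV values are padded with zero bytes to a multiple of 8."""
    return value + b"\x00" * (-len(value) % 8)


def ttlv(tag: int, typ: int, value: bytes) -> bytes:
    """Tag (3 bytes) | Type (1 byte) | Length (4 bytes, big-endian) | padded Value."""
    return tag.to_bytes(3, "big") + bytes([typ]) + struct.pack(">I", len(value)) + _pad8(value)


def integer(tag: int, n: int) -> bytes:
    return ttlv(tag, INTEGER, struct.pack(">i", n))


def enumeration(tag: int, n: int) -> bytes:
    return ttlv(tag, ENUMERATION, struct.pack(">I", n))


def text(tag: int, s: str) -> bytes:
    return ttlv(tag, TEXT_STRING, s.encode("utf-8"))


def structure(tag: int, *children: bytes) -> bytes:
    return ttlv(tag, STRUCTURE, b"".join(children))


def encode_get_request(unique_identifier: str) -> bytes:
    """Build a KMIP 1.0 Get request asking the server for one managed object."""
    return structure(TAG["RequestMessage"],
        structure(TAG["RequestHeader"],
            structure(TAG["ProtocolVersion"],
                integer(TAG["ProtocolVersionMajor"], 1),
                integer(TAG["ProtocolVersionMinor"], 0)),
            integer(TAG["BatchCount"], 1)),
        structure(TAG["BatchItem"],
            enumeration(TAG["Operation"], OPERATION_GET),
            structure(TAG["RequestPayload"],
                text(TAG["UniqueIdentifier"], unique_identifier))))


def decode(buf: bytes) -> list:
    """Parse TTLV bytes into a list of (tag_name, value); structures nest as lists."""
    items, pos = [], 0
    while pos < len(buf):
        if len(buf) - pos < 8:
            raise ValueError("truncated TTLV header")
        tag = int.from_bytes(buf[pos:pos + 3], "big")
        typ = buf[pos + 3]
        length = struct.unpack(">I", buf[pos + 4:pos + 8])[0]
        start = pos + 8
        padded_end = start + (length + 7) // 8 * 8
        if padded_end > len(buf):
            raise ValueError("TTLV value runs past end of buffer")
        raw = buf[start:start + length]
        name = TAG_NAME.get(tag, hex(tag))
        if typ == STRUCTURE:
            value = decode(raw)
        elif typ == INTEGER:
            value = struct.unpack(">i", raw)[0]
        elif typ == ENUMERATION:
            value = struct.unpack(">I", raw)[0]
        elif typ == TEXT_STRING:
            value = raw.decode("utf-8")
        else:
            value = raw  # other KMIP types are left as raw bytes here
        items.append((name, value))
        pos = padded_end
    return items


def parse_get_request(buf: bytes) -> tuple:
    """Return (operation, unique_identifier) from an encoded Get request."""
    message = dict(decode(buf))["RequestMessage"]
    item = dict(dict(message)["BatchItem"])
    payload = dict(item["RequestPayload"])
    return item["Operation"], payload["UniqueIdentifier"]


if __name__ == "__main__":
    req = encode_get_request("key-0001")  # constructed sample identifier
    print(req.hex())
    print(parse_get_request(req))
```

Every field above is 8-byte aligned, which is why a server from one vendor can parse a request from another vendor's client; that is the interoperability problem KMIP solves. Who the requester is, and whether a key held by enterprise A may be released to a tenant of cloud provider B, is left to the transport and to policy outside the message.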

Kudos to the KMIP TC for addressing the enterprise key management problem, but we need to go further. Frankly, the lack of a viable key management model for cloud computing today is a major security and operational issue. For cloud computing to scale effectively, a scalable key management model is required.

1 Comment

Good point. Take a look however at and its unusual approach to this problem. We blog about it here:

