subject: Key Management Is Key To Cloud Security [print this page] Security for the cloud needs to be established especially in executing any application on the cloud which could directly affect achieving an organization's goals. Cloud computing alone is a very attractive concept due to its economic promises. In terms of protecting an organization's critical data, it demands a better system which will not compromise security, integrity, and accessibility of vital information.
Cloud security, with specific focus on key management, is sure to be one of the main questions asked by any enterprise as it considers moving applications and storing data in the cloud. As organizations start off with their initial steps to cloud computing, some complex issues are expected to be encountered.
How will their all-important keys be managed and will the data be encrypted to a high standard?
Key management is assumed by cloud providers in a very critical view. There are multiple solutions that store credentials inside and outside the cloud within a secure infrastructure depending upon the purchasing organizations cloud security needs. Plenty of providers are very much concerned with security of information both from the legal and data intrusion perspective. Is the data encrypted to a level sufficient to avoid access by potential hackers?
Is it possible for an independent attorney to provide a legal instrument such as a subpoena to gain access to data through the cloud system? Organizational system separation is maintained by some cloud security providers. This would be protecting a system from being accessed by a third party through an integrated system that would be key to preventing data from being compromised. Some key management and cloud security items to consider:
1. Advanced Encryption Standards should be used for keys to protect from acts of malicious intent. All customer encryption and authentication credentials in should be stored in an AES256-encrypted database with no encryption keys stored in the credentials management zone.
2. Every customer should have a unique access keys to prevent encroachment on others' data.
3. Keys should be stored outside the cloud infrastructure provider and only used when necessary. The infrastructure of the cloud needs to be viewed to be very vulnerable to attacks.
4. Not one cloud provider or provider for management solution should have any access to sensitive information or keys.
5. When it comes to sensitive information, there is a high level of necessity to consider backup encryption and file system.
Sustainability is very important, as it pertains to the day-to-day operations of a cloud security company. A meaningful and logically solution is required when it comes to key management.
Appropriate questions must be asked of a cloud service provider and the selection of appropriate partner should only be made on the basis of a clear understanding of the integrity of the entire solution. The process of hosting, administering, and allowing access to the relevant keys should be clear-cut and watertight.
The benefits of public cloud infrastructures have been well documented; scale, flexibility, and reduced capital expenses & operational costs. Cloud security will continue to evolve and improve and be high priority to an enterprise that has tight IT policies and procedures. A wider acceptance and mainstreaming of the concept of cloud security is expected, along with its increased benefits.
