In large enterprises where high volumes of data travel across networks, encryption is often used to protect sensitive data. In such situations, cryptographic key management is as integral to data security as controlling who accesses this data. But often the amount of the data and the size of the organization makes this task extremely challenging—especially when cloud services are also used.
The National Institute for Standards and Technology (NIST) has created a document, available in our IT Downloads area, that outlines the numerous challenges IT organizations face when using encryption with cloud services.
Cryptographic Key Management Issues & Challenges in Cloud Services explains basic management of cryptographic keys, details cloud computing models, and identifies the main cloud services and the types of security necessary to implement those services safely and securely.
The NIST documentation covers:
The text explains many challenges associated with encryption and cloud computing. According to the text of the document:
It must be noted upfront that in all architectural solutions where cryptographic keys are stored in the cloud, there is a limit to the degree of security assurance that the cloud Consumer can expect to get, due to the fact that the logical and physical organization of the storage resources are entirely under the control of the cloud provider.
Despite this warning, NIST provides several solutions that can provide a fairly high degree of security for your encryption implementation. It explains how to implement encryption for IaaS, PaaS, SaaS, and other cloud services.
This document provides intricate plans and explanations on security measures for securing enterprise data in the cloud. IT security staff will find the download to be well written, and easy to understand, despite its complex subject matter.