Home > Design Patterns > Cloud Key Management

Cloud Key Management (Cope, Erl, Kristan)

How can encryption keys be effectively managed for a cloud environment?

Cloud Key Management


While encryption is foundational to cloud security, the management of encryption keys is one of the most difficult challenges in cloud computing. Failure to adequately manage encryption keys can lead to a range of administrative and security problems.


A cloud key management system is employed, available either as a physical or virtual network attached device.


A cryptographic key management system (CKMS), optionally using a hardware security module (HSM) for key protection, consisting of systems, personnel and policies is implemented to manage keys for encryption of all required data for both on-premise and cloud resources.
Cloud Key Management: A sample CKMS architecture.

A sample CKMS architecture.