Key management is the management of cryptographic keys in a cryptosystem, that is, in an electronic environment in which encryption is performed. To secure a system, cryptographic algorithms are used to generate keys, which are then used to encrypt and decrypt data so that the requested information is provided in a secure way.
Key management is fundamental in any internet application to ensure the security of data transmission, and crucial to preventing unauthorized access to sensitive information.
In a cryptographic system, data is ciphered (encrypted) by means of a number of keys. These keys can be static, but to provide a better level of security they are generated dynamically. Depending on the number of transactions and connected systems, there could be hundreds of thousands or even millions of keys that need to be generated and maintained; this is why key management is central to the security of a system. Key management matters for the security and privacy protection of the data held, both to prevent data loss, breach or contamination and to comply with the relevant regulatory requirements. Key Management Systems (KMS), including hardware security modules and other cryptographic tools, are commonly used to meet compliance and data-control requirements in addition to providing security benefits. Reference and industry standards are widely used to guide and constrain KMS designs, including NIST guidance, Common Criteria and PCI DSS (Payment Card Industry Data Security Standard).
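The paragraph above describes the problem a KMS solves: keys are generated dynamically, there may be millions of them, and they still have to be maintained. The usual design is envelope encryption, where a small number of key-encryption keys (KEKs) wrap an unbounded number of per-object data-encryption keys (DEKs), so that rotating the KEK only requires rewrapping the stored DEKs, never re-encrypting the data. The Go program below is an added example written for this page; it is not code from OpenCloudification or from any of the projects listed here. The `KMS` type, the key-ID format and the sample record are constructed for illustration, and the KEKs are held in memory purely so the example runs offline, whereas a real KMS keeps them inside an HSM.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

type wrappedKey struct {
	kekVersion int    // which key-encryption key (KEK) version wrapped this DEK
	blob       []byte // nonce||AES-GCM ciphertext of the data-encryption key (DEK)
}

// KMS is a constructed in-memory model: one KEK per version plus one wrapped DEK per object.
// A real KMS keeps the KEKs inside an HSM and never exports them.
type KMS struct {
	keks    map[int][]byte
	current int                   // KEK version used for new wraps
	deks    map[string]wrappedKey // keyed by key ID; must be initialised non-nil
}

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no usable entropy: stop rather than emit weak keys
	}
	return b
}

// gcm builds AES-256-GCM; every key here is 32 bytes, so an error would be a bug.
func gcm(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	aead, _ := cipher.NewGCM(block) // cannot fail for an AES block
	return aead
}

// seal returns nonce||ciphertext; aad (the key ID) binds the result to its context.
func seal(key, plaintext, aad []byte) []byte {
	aead := gcm(key)
	nonce := randomBytes(aead.NonceSize())
	return aead.Seal(nonce, nonce, plaintext, aad)
}

// open reverses seal; a wrong key, wrong aad or any modified byte fails the tag check.
func open(key, blob, aad []byte) ([]byte, error) {
	aead := gcm(key)
	n := aead.NonceSize()
	if len(blob) < n {
		return nil, fmt.Errorf("ciphertext shorter than a nonce")
	}
	return aead.Open(nil, blob[:n], blob[n:], aad)
}

// RotateKEK installs a new KEK version, rewraps every stored DEK under it and retires the
// old KEKs; the bulk data encrypted under the DEKs is never touched.
func (k *KMS) RotateKEK() error {
	kek, version := randomBytes(32), k.current+1
	rewrapped := make(map[string]wrappedKey, len(k.deks))
	for id, wk := range k.deks {
		dek, err := open(k.keks[wk.kekVersion], wk.blob, []byte(id))
		if err != nil {
			return fmt.Errorf("rewrap %s: %w", id, err) // state unchanged on failure
		}
		rewrapped[id] = wrappedKey{kekVersion: version, blob: seal(kek, dek, []byte(id))}
	}
	k.keks = map[int][]byte{version: kek} // older KEKs retired: nothing is wrapped under them
	k.deks, k.current = rewrapped, version
	return nil
}

// Encrypt generates a fresh DEK for this payload, wraps it under the current KEK and returns
// the key ID that must be stored next to the ciphertext.
func (k *KMS) Encrypt(plaintext []byte) (keyID string, ciphertext []byte) {
	dek, id := randomBytes(32), fmt.Sprintf("%x", randomBytes(8))
	k.deks[id] = wrappedKey{kekVersion: k.current, blob: seal(k.keks[k.current], dek, []byte(id))}
	return id, seal(dek, plaintext, []byte(id))
}

// Decrypt unwraps the DEK named by keyID, under whichever KEK version wrapped it, then decrypts.
func (k *KMS) Decrypt(keyID string, ciphertext []byte) ([]byte, error) {
	wk, ok := k.deks[keyID]
	if !ok {
		return nil, fmt.Errorf("unknown key id %q", keyID)
	}
	dek, err := open(k.keks[wk.kekVersion], wk.blob, []byte(keyID))
	if err != nil {
		return nil, fmt.Errorf("unwrap DEK: %w", err)
	}
	return open(dek, ciphertext, []byte(keyID))
}

func main() {
	k := &KMS{deks: map[string]wrappedKey{}}
	_ = k.RotateKEK() // installs KEK version 1; no DEKs exist yet, so it cannot fail
	id, ct := k.Encrypt([]byte("constructed sample record: account 1234, balance 42.00"))
	_ = k.RotateKEK() // KEK version 2: the DEK behind id is rewrapped, ct is untouched
	pt, err := k.Decrypt(id, ct)
	fmt.Printf("key %s under KEK v%d -> %q (err=%v)\n", id, k.current, pt, err)
}
```

Two details carry most of the security value. First, the key ID is passed as AES-GCM associated data on both the wrapped DEK and the payload, so a wrapped key or ciphertext moved under a different ID fails authentication instead of decrypting. Second, `RotateKEK` builds the rewrapped table before swapping it in, so a failure part-way through leaves every existing DEK still decryptable under the previous KEK.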
A number of open cloud technologies are available that can help organise the encryption and cryptographic system setup, including the key management. The following technologies are being followed by OpenCloudification; most of them are also supported through the cloud-native framework.
Some useful additional material on key management systems, particularly in the cloud, has been published by the CSA (Cloud Security Alliance), which OpenCloudification supports through its partner LSEC, the BeLux EMEA partner of the CSA.
For more on the OpenCloudification Key Management technologies:
SPIFFE
SPIRE
Vault
Athenz
Teller
To access the Cloud Security Alliance whitepapers:
Key Management in Cloud Services: https://cloudsecurityalliance.org/artifacts/key-management-when-using-cloud-services/
Recommendations for adopting a cloud-native key management service: https://cloudsecurityalliance.org/artifacts/recommendations-for-adopting-a-cloud-native-key-management-service/