Cloud computing is gaining more and more traction across enterprises and SMB organizations. Its many benefits and cost structure provide an attractive alternative to the traditional data center, but at the same time cloud data security, cloud encryption and cloud key management remain top concerns. Thought leaders and analysts agree that cloud data encryption is a fundamental first step. But when you look at the fine print, a more complicated situation is revealed.
We commonly identify three approaches to cloud key management; each has its pros and cons.

The first approach is to use the encryption provided by your cloud provider. The pros are obvious: it is easy to deploy and manage, and it integrates transparently with your cloud data layer. But the cost is high: you trust your cloud provider with what should be your best-kept secret, your encryption keys. Data security expert Rich Mogull described this well on his blog.

The second approach is to trust a third party with your encryption keys. This approach gives up some of the cloud's flexibility advantages, since encryption is no longer integrated with your cloud, and it still carries the same risk as before: you trust a third party with your keys.

The third approach is to implement a key management server back in the physical data center. While this approach is indeed secure, it eliminates many cloud advantages and forces you back into your data center, when what you wanted was to migrate to the cloud.