Key Management in the Cloud
In my previous cloud security blogs, I mentioned the need to use key-based encryption for protecting data. Whether the data is in flight (i.e., being transmitted) or at rest (i.e., stored), it must be encrypted to ensure confidentiality, integrity and availability. Managing encryption keys can be challenging. There are different key types (symmetric vs. asymmetric), key strengths (128-bit through 2048-bit and greater), key usage (privacy, key exchange, authentication and digital signature) and key encryption algorithms (AES, 3DES, SHA-1, SHA-2, MD5, etc). Furthermore, each data end point, like storage or server, requires an integration point that also needs to be managed. For example, for storage we need an encryption integration point for each storage medium (disk, SAN, NAS or tape).
Read more