Cloud Key Management

Key Mgmt WG Meeting Minutes, 27th November 2024

    Posted Dec 05, 2024 12:01:00 AM

    Dear members,

    Please find below the meeting minutes from our WG call on the 27th of November.

    The group went through the 2 documents they are developing:

    1. Key Management when Migrating Data from on-prem to the (public) Cloud

    2. Multi-Cloud KMS Recommendations

    1. Resolving Public Peer Review Comments from the Migration document:
    Key Management and Cyber Resilience
    The team discussed whether to include information on cyber resilience in the Migration document. Sunil believes their document is not directly focused on cyber resilience, but acknowledges that key management is part of overall IT resilience. Marina and Alex agree that responsible key management falls under business continuity, but adding specific content on cyber resilience may not add much value to the document. They decide not to add a dedicated section on cyber resilience, but may mention key management's role in business continuity planning and disaster recovery.
    They also discussed the need for compliance standards in the addendum, with Sunil agreeing to add any known standards.
    Key Rotation Strategies in Document
    The team discussed whether to include details on key rotation strategies in the document. They agreed that key rotation is mentioned multiple times throughout the document, so adding a dedicated section would be repetitive. Instead, they decided to leave the existing references to key rotation as is and not go into further detail, since the focus of the document is on key migration rather than rotation strategies.
    Key Vault Discussion
    Sunil and Marina discussed the relevance of a specific aspect related to key vault in the paper. They concluded that it was not applicable and decided to move forward with the document. Marina mentioned that the document would be sent for copy editing and would likely be published around January.

    2. Multi-Cloud KMS recommendations paper:
    Resolving and addressing Comments from the document’s internal review process
    The team discussed updates to Section 2.3.9 and Section 2.4.4. Marina agreed to work on the comments left for Akshay’s section and update the language. Sam also discussed the need to address Alex's comments in Section 2.4.4, particularly regarding data sovereignty regulations and the use of product agnostic solutions across multiple environments. Yuvaraj suggested that the topic of key rotation should be addressed separately. Sam agreed to resolve Alex's comments and delete certain sentences, and to combine the remaining comments into one paragraph.
    Collaborative Review of Section 3.4-Third Party Multi-Cloud KMS
    Marina provides an update on section 3.4, sharing content from Thales with some references removed, pending copyright clearance. Sam offers to review the content to ensure it is not vendor-specific. Marina confirms she will complete sections 2.3 and 3.1. Sam proposes collaborating with Alex and Yuvaraj to finalize section 3.4, planning to send an email for everyone to contribute edits or suggestions.
    Work Progress and Timeline
    The team discussed the progress of their work and the potential for a document refresh in 2025. They also discussed the timeline for the release of the migration document, which is expected to be in February with the delay. The team also discussed the need for a document refresh, which would involve updating previously published documents. The Multi-cloud document will probably be published in March.

    Previous Action Items:

    • Marina to add quantum key distribution to the glossary and include a reference in the main document. - ONGOING

    • Sam to review and restructure content in section 2.3, moving recommendations to appropriate sections. - DONE

    • Marina to review and address Alex's feedback on the availability section. - DONE

    • Sam to reach out to contacts at FutureX about potential participation in the 3rd party multi-cloud KMS section. - DONE

    • Alex to follow up with previously introduced contacts for potential help with the document. - DONE

    • Marina to include Alex's key management lifecycle diagram in the document and address the key escrow topic. - half PENDING (key escrow addressed, diagram pending)

    Next steps:

    • Marina to add quantum key distribution to the glossary and include a reference in the main document.

    • Marina to include Alex's key management lifecycle diagram in the Multi-Cloud document.

    • Marina to resolve open comments and update sections 2.3.4 and 3.1 of the document.

    • Marina to confirm copyright permissions for using Thales content in the document.

    • Sam (@Sam Pfanstiel) to review and refactor the Thales material added to section 3.4.

    • Sam, Alex, and Yuvaraj (@Yuvaraj Madheswaran) to collaborate on reviewing and finalizing section 3.4.

    Next call: 11 December.
    Time: 09:00 a.m. P.T. / 12:00 p.m. E.T. / 17:00 GMT
    URL: https://zoom.us/j/93617880747 (Meeting ID: 936 1788 0747, Passcode: 536522)

    Kind regards,
    Marina



    ------------------------------
    Marina Bregkou,
    Senior Research Analyst,
    CSA
    ------------------------------