Cloud Key Management

  • 1.  Meeting Minutes 18th May & Reminder 4 tomorrow's WG call!

    Posted May 24, 2022 03:49:00 AM
    Dear Cloud Key Mgmt working group members,

    Key takeaways from our working group call last Wednesday, May 18th:
    • Section 2 to be shortened and reviewed so that the items mentioned are 1:1 connected with the rest of the document.
    • Hyperlinks to be included when other sections are mentioned in the text.
    Reminder for tomorrow's working group call:


    Marina Bregkou,
    Senior Research Analyst,

  • 2.  RE: Meeting Minutes 18th May & Reminder 4 tomorrow's WG call!

    Posted May 25, 2022 08:06:00 AM

    Hi folks!


    Lake some of you, I joined the Zoom meeting and await the start of the meeting. Unfortunately, Marina had a medical emergency and asked me to lead the meeting without her, and I said I'd be happy to. I didn't realize that I don't have a "host" code or ability to start the meeting – I'm an attendee, just like you.  ��


    For that reason I'm informing you that we'll not be able to have today's call, and I'll follow up this short note with the items of what I was going to share and discuss with you today.


    Sorry for the false start! I'll send a longer email within the hour.



  • 3.  RE: Meeting Minutes 18th May & Reminder 4 tomorrow's WG call!

    Posted May 25, 2022 08:31:00 AM

    Hello again Working Group members!


    In the absence of our weekly meeting today, here are the items I was going to bring to the meeting:


    1. Section 2 of the CCKS (let's just shorten "Customer Controlled Key Store" all the time – so much easier!) was updated per our last meeting.
      1. I eliminated all the "example" details and simply listed each of the areas of consideration (technical, operational, etc.) with a word or two of clarification
      2. I added clarification about the guidance contained in the document, that it is scoped to the intersection of the CCKS and one or more cloud services.

                                                                   i.      I've tried to make clear that the document should not have recommendations about the KMS as a standalone system, just as we are not making any recommendations about the public cloud service(s) that the organization plans to use with the CCKS. Down further in the document, in the Technical and Operational considerations (I believe in Section 3) I added quite a number of comments to the effect that "this item is outside the scope of the document because it speaks only to the CCKS (KMS) and not to its use with cloud services".

                                                                 ii.      Please review your content in light of this scope. I will continue down the document this week when I have more time.

    1. The self-paced content for the introductory CSA Cloud Key Management course is ready to be reviewed. Anna Schorr sent out details about how to review the content and the type of feedback needed – you can find that email in our WG Circle content or in your inbox if you get those emails.
      1. Feedback is needed by Monday, May 30th.
    2. I was hoping to welcome Sumeet Shah, of American Express, to our Working Group. Sumeet has extensive experience in PKI and encryption so I'm hoping he'll be able to contribute to our work.


    Please work to either (a) update your content in response to comments/questions; (b) review sections you have agreed to review and provide comments/questions where the content is unclear, out of scope of the pattern, repeated, etc.


    Thank you all for devoting time to the current document. We are past the mid-point and that inspires me to want to push through and get to the finish line!