Dear members,
Below you can find the minutes from the working group call on the 29th of May.
Recording: https://cloudsecurityalliance.zoom.us/rec/share/jNmq4u6tUg1xFqGoX1eORzgyV0u3OQDhBbCW5UUzXfEwj8KkXjRo6ZFXr1fcvsCZ.eNZ4mX_ORvBLYiwX (Passcode: QL0v3X#j)
Minutes:
Best Practices Paper Progress and Refinement
The team discussed the progress of the 'best practices paper' on key management, which had been in development for approximately six months. Michael expressed concerns about the paper's scope, suggesting it was too detailed and off-topic in parts, particularly the data section. Sunil clarified the paper's focus was on the best practices for managing keys during the migration of on-premises data to the cloud. The team agreed to refine the paper's focus and structure based on these points.
Concerns Over Best Practices Documentation
Michael expressed concerns about the current approach to documenting best practices, questioning whether they should continue with the detailed, technical approach or simplify it. Sunil explained that they had initially tried to keep the document short and concise, but as they delved deeper into the subject, it grew longer. Alex clarified that the current section on information integrity might need to be expanded. Alex also mentioned a recurring question about the necessity of encryption. As a result of these concerns, Sunil said he will contribute more to the document to provide a different perspective.
Encryption Debate and Data Security Concerns
The team discussed the importance of encryption in protecting data during transport. They debated whether TLS alone provides sufficient security, with concerns raised about potential vulnerabilities and the need for additional measures. The concept of ephemeral storage was introduced as a potential solution, but the team remained divided on whether end-to-end encryption is necessary to guarantee data security. The implications of network troubleshooting and the potential inadvertent disclosure of keys were also highlighted as risks.
Transport Layer Encryption and Paper Improvements
The team discussed the importance of transport layer encryption within the organization, particularly in relation to a potential transition to a public cloud. Sunil agreed to provide a clear example to better understand the issue and emphasized that the focus should be on defense in depth rather than specific protocols such as TLS. The team also discussed the need to differentiate between application layer and transport layer encryption. Furthermore, the team deliberated on refining a paper, with Michael highlighting the need for accurate examples and relevant discussions, and Sunil agreeing to review sections of the paper and coordinate with Michael for improvements. Sunil also planned to liaise with Yuvaraj regarding the removal of certain information from the paper.
Reviewing and Revising the Document
Some sections of the document were identified as potentially redundant or too general, and it was suggested that they be removed. Sunil agreed to review the document further and note down what could be removed to make the document more cohesive.
Multi-Cloud KMS document (includes minutes from the document's sub-group call on June 7th.)
Sam presented the progress on the paper related to managing keys across multiple cloud providers. He highlighted the importance of the project's goal, which is to identify the associated risks and business drivers. Sam also discussed the architecture use cases, risks, and business impacts, and invited feedback and involvement from the team. He further clarified the structure and terminology of the document, and announced that the next sub-group meeting will be held in a week. The discussion also included refining the language used in the document to better reflect the risks and controls associated with key management in multi-cloud.
Cloud-Managed Key Material Discussion
Sam and Akshay discussed the concept of cloud-managed key material and directed key management in a multi-cloud context. Akshay explained that a third-party provider could generate and provide encryption keys, eliminating direct customer management. This idea was considered for further exploration in a future meeting.
Clarifying Key Material and Keys
The team discussed the need to clarify the difference between key material and keys. Simon agreed to add a statement to better explain this distinction, while also considering the industry definitions. Sam emphasized the importance of defining these terms correctly.
TLS Transmission and Cryptographic Keys
Concepts behind TLS transmission and the usage of cryptographic keys in multi-cloud architectures were discussed. The team agreed on the importance of understanding the architecture and usage examples of these keys, particularly in relation to TLS transmission. Sam emphasized that the intent of the document was to explain how streaming works in a multi-cloud context, rather than to give a general overview.
Clarifying Privacy, Confidentiality, and Integrity
It was clarified that TLS does not ensure privacy, since it reveals the source and destination of a connection, which cannot be concealed. Vani pointed out that data in transit might not be private, but it is protected. Alex further explained that while privacy may not be assured, confidentiality can be maintained. Simon and Vani discussed the language used to describe these concepts, agreeing to clarify it. They also discussed the cryptographic operation of signing, which Alex clarified provides assurance of origin, not integrity. Simon further elaborated that signing provides assurance of both the integrity of the data and its origin.
Managing Secrets and Certificates in Multi-Cloud
The group discussed the challenges of managing secrets and certificates in a multi-cloud environment, emphasizing the importance of visibility and control across different layers of the system. Alex clarified that each entity manages its own secrets, and there is no global administrator with root access. Vani's organization ensures compliance by having different teams with specific visibility and access, and all evidence is submitted to auditors for review. The team agreed on the need to clarify the process of discovering and maintaining an inventory of these secrets, highlighting the importance of collecting evidence from all entities for regulatory compliance.
Multi-Cloud Systems and Key Management
The group discussed the potential risks and complexities of multi-cloud systems, focusing on issues related to confidentiality, integrity, and availability. They also explored the handling of key material in the context of key management systems (KMS) and hardware security modules (HSM). Simon clarified his understanding of a KMS as a password manager for keys, using the example of MongoDB requesting a key from the KMS for encryption tasks. The team agreed to further investigate and define these concepts and their implications for their system.
Directed Key Management in Clouds
Sam discussed the concept of directed key management, focusing on its application to cloud platforms like Google Cloud and AWS. He and Sunil agreed that this approach could improve security in hybrid cloud scenarios by allowing customers to manage and share their cryptographic keys without the need for a third-party platform. Simon clarified that, in this model, customer success managers don't have access to the keys, ensuring security.
Previous action items:
Next action items:
Document 1 - Best Practices when Migrating:
- Sunil ( @Sunil Arora) to connect with Yuvaraj and identify the updated sections 2, 3 and 4.4, or review and verify this independently if possible.
- Sections 1 and 2 update by Partha.
- Michael ( @Michael Roza) to condense sections 4.1 and 4.2 to the key points. There are too many examples; fewer may suffice.
- Phani ( @Phanikumar Kancharla) to review and provide feedback/comments on the paper's content. (If this action item is not implemented by the next call, it will be dissolved.)
Document 2: Multi-Cloud KMS:
- Vani ( @Vani Murthy) to go through and address comments by Sam and EA on sections 2.2, 2.3, 2.3.4, 2.3.5
- Vani ( @Vani Murthy) to add context on Key Exchange in 2.3.4 as discussed on the call.
- Alex Rebo to provide feedback to questions Sam had addressed to him and Marina has tagged.
Assigned and unassigned document sections:
- 2.1 Feasibility assessment - author: Unassigned
- 2.2 Key Management Models - author: Vani ( @Vani Murthy)
- 2.3.1 Data Lakes - author: Chandra ( @Chandra Prakash)
- 2.3.2 Data Pipelines - author: Chandra ( @Chandra Prakash)
- 2.3.3 Streaming - author: Sunil ( @Sunil Arora)
- 2.3.4 TLS Transmission - author: Vani ( @Vani Murthy)
- 2.3.5 Signing/Verification - author: Vani ( @Vani Murthy)
- 2.3.6 Privacy / Usage / Propagate Directives - author: Unassigned
- 2.3.7 E2EE / Application Encryption - author: Chandra ( @Chandra Prakash)
- 2.3.8 Key Sharing - author: Unassigned
- 2.3.9 Regulation / Governance / Forensic - author: Sam ( @Sam Pfanstiel)
- 2.4.1 Confidentiality - authors: Simon, Adeeb ( @Adeeb Mohammed)
- 2.4.2 Integrity - authors: Simon, Adeeb ( @Adeeb Mohammed)
- 2.4.3 Availability - authors: Simon, Adeeb ( @Adeeb Mohammed)
- 2.4.4 Portability - author: Unassigned
- 2.4.4 Separation of Duties - authors: Simon, Adeeb ( @Adeeb Mohammed)
- 2.4.5 Usage Limitation - authors: Simon, Adeeb ( @Adeeb Mohammed)
- 2.4.6 User/System Access - author: Simon
- 2.4.7 Rotation/Destruction - author: Simon
- 2.4.10 Third-party Risk - author: Sam ( @Sam Pfanstiel)
- 2.4.11 Regulatory Constraints - author: Sam ( @Sam Pfanstiel)
- 2.5.1 Organizational Maturity - author: Sam ( @Sam Pfanstiel)
- 2.5.2 Cost - author: Sam ( @Sam Pfanstiel)
- 2.5.3 Time - author: Sam ( @Sam Pfanstiel)
- 3.1 BYOK - author: Rajat ( @Rajat Dubey)
- 3.2 HYOK - author: Rajat ( @Rajat Dubey)
- 3.3 Directed Key Management - author: Sam ( @Sam Pfanstiel)
- 3.4 Hybrid Cloud - author: Sunil ( @Sunil Arora)
- 3.5 Third-party Multi-Cloud KMS (MCKMS) - author: Simon
Next working group call:
Date: Wednesday, June 12th
Time: 09:00 a.m. PDT / 12:00 p.m. EDT / 16:00 GMT
URL: https://zoom.us/j/93617880747
Meeting ID: 936 1788 0747
Passcode: 536522
Kind regards,
Marina
------------------------------
Marina Bregkou,
Senior Research Analyst,
CSA
------------------------------