Cloud Key Management

Meeting Minutes June 14, 2023.


    Posted Jun 16, 2023 12:56:00 PM

    Dear members,

    Below you can find the recording from our working group call on the 14th of June.

    Previous action items:

    Document 1: HSM-as-a-Service:

    • Marina to check the previous Cloud Key Mgmt papers in order to recognize any references to HSM from the CSP/on-prem perspective and perhaps include the non-CSP perspective (on-prem) in this paper. (Check footnotes for Utimaco, Entrust mentions, etc.) - PENDING
    • Santosh please address the comment made for the introduction paragraph by Sam in section 4: Responsibilities. - DONE
    • Iain to ask his colleague about insight regarding the eIDAS use case. - DONE
    • Iain to write section 5.2.1 - General Purpose HSM. - In progress
    • Sam to address and resolve comments made to section 1 by Alex Rebo. - In progress
    • Sam to review and approve section 9 - Governance written by Rajat Dubey. - PENDING
    • Sam to review and approve section 10 - Vendor Selection Best Practices written by Rajat Dubey. - PENDING
    • Carlos to write use case of section 3.5 - Full Homomorphic Encryption - DONE
    • Simon Keates to write section 5.2.2 - Payments HSM - In Progress
    • Simon Keates to write section 6.3 - Multi-tenant Segregation - In Progress
    • Tim to develop in paragraph mode the bullet points he has included in sections 6.1 and 6.2 - Physical and Logical Security Controls - PENDING
    • Thanos please review section 7.1 and 7.1.1 added by Bruno. - In Progress
    • Thanos to check with his contacts about the possibility of sharing data to use for the eIDAS use case. - PENDING
    • Sunil to write section 8 - Key Mgmt Considerations, which will be linked with the Key Mgmt Best practices parallel document. - In Progress

    Document 2: Key Mgmt Lifecycle Best Practices

    • Alex will you please review the additional text written in section 2.5 Encryption Overview by Parth. - PENDING
    • Sam to write section 3.2.8 Key Auditing. - PENDING (contribution given to Akshay Bhardwaj (@Akshay Bhardwaj))
    • Michael Roza please write section 3.2.6 Key Revocation. - DONE
    • Marina to write section 3.2.3 Key Use. - PENDING
    • Partha to please address comments made by Alex Sharpe and Alex Rebo, and review and do a sanity check of section 2 - Key Mgmt Refresher, where Partha is the lead author. - PENDING
    • Partha to please review section 4.1 Compliance and Regulatory Requirements, written by Vani. - PENDING
    • Vasan Kidambi please write section 4.2 - Technical Considerations. - DONE
    • Vani, as section 4 lead, to review and provide feedback on the subsections 4.3, 4.4, 4.5 that Rajat, Vanesa and Vasan have submitted.
      As the lead for section 4 you need to check and decide on the flow, the content and the "voice" of the subsections that fall under you. - In Progress
    • Santosh please review additional content added under 2.4.1 by Vasan. - PENDING
    • Santosh to include missing diagrams and references in section 5.1 - Deployment Approach. - In Progress
    • Santosh to review and approve/disapprove content added in section 5.2 - Deployment Considerations, by Amit Butail. - DONE
    • Santosh please review section 5.3 - Operations and Maintenance written by Rajat. - PENDING
    • Carlos please write section 5.4 Auditing Requirements. - PENDING
    • Carlos and Vasan Kidambi please write section 6 - Industry Specific differences. - PENDING
    • Partha, Sunil, Santosh to review and approve/disapprove additional text included in section 7 - On-prem Considerations by Parth Jamodkar. - PENDING
    • @All: Are we adding 'Key Loading' in the Key Lifecycle diagram? - PENDING

    Main action items:

    • All, please check the PENDING action items from the previous time.
    • Partha to do a full review of the Key Mgmt document.
    • Sunil (@Sunil Arora), Partha, Alex Rebo and Sam (@Sam Pfanstiel) to connect and decide on 'Key rotation'.
    • Marina to send Santosh the link to the previous Key Mgmt documents.
    • For the rest of the action items, please check the recording of the call.

    To hear the recording please use the link: https://cloudsecurityalliance.zoom.us/rec/share/BR4qf9IoWTqUWW0ZYpnCasoo8FXG9xMdBNgCDhaTuE8mgksRwxq6yO8GKboMz-XV.Jr0-oqeeHgsiT4uJ
    Passcode: I1n7vy*2

    Next working group call: Wednesday, 28 June.

    Time: 08:00 a.m. PST / 11:00 a.m. EST / 16:00 GMT / 18:00 EET.

    URL: https://zoom.us/j/93617880747 (Meeting ID: 936 1788 0747)

    Kind regards,
    Marina
    ------------------------------
    Marina Bregkou,
    Senior Research Analyst,
    CSA
    ------------------------------