Cloud Key Management

Meeting Minutes 17 April 2024

    Posted 10 days ago

    Dear members,

    Below you can find the minutes from our working group call on the 17th of April.

    Minutes: 

    'Best Practices for Managing Keys when uploading Data from on-prem to Cloud' document:
    Rollback Plan and Data Transfer Discussion
    Sunil and Yuvaraj will communicate offline to break section 4.4 for Preparation and from Migration.
    Iain suggested considering adding a reference to DORA, a European initiative related to security, posture, resilience, and reporting. DORA and NIS2 could be appropriate to include, given their focus on resilience and recovery from major cyber attacks. Sunil agreed and proposed to limit the text to 200 words per bullet point to keep it concise. Iain offered to summarize relevant parts of a document, aiming to maintain brevity.
    Addressing Key Synchronization and Backup Challenges
    Yuvaraj, Sunil, and Alex discussed the challenges and potential solutions related to key synchronization and backup. Alex highlighted the problem of keys expiring and the difficulty of keeping backup keys in sync, which could lead to confusion about which key is active. Alex then invited suggestions for a better solution than just backing up keys.

    Document 2: 'Multi-Cloud KMS':
    Multi-Cloud Initiative and Document Reorganization
    Marina, Iain, Rajat, Sunil, and Sam discussed the reorganization of certain sections in a document. Sam updated the group on the Multi-Cloud initiative and expressed interest in gathering more participants. Iain suggested that his colleague, Simon Keats, might be interested in contributing to the project, particularly in the areas of key management and key generation. The team agreed to review the document's outline and table of contents, with Iain planning to spend more time examining it.
    Key Management Strategies and Solutions
    Sam and Iain discussed strategies for key management in relation to cloud service providers. They explored the idea of customer-managed and managed keys, the risks associated with key usage, and the potential for a third-party multi-cloud KMS provider. Sam suggested including a table to capture the differences between various key management approaches. The section focusing on multi-cloud key management solutions aimed to maintain an 'approaches' perspective, highlighting the potential risks and benefits of key exportability across cloud providers.
    Iain mentioned bringing Simon on board, as he believed it would be beneficial due to his expertise in the area. 

    Previous action items:

    • 'Best Practices for Managing Keys when uploading Data from on-prem to Cloud' document:
      • Sections 1 and 2 to be updated by Partha - PENDING
      • Section 3: Sunil to condense the section and include bullet points in order to avoid repetition with other sections as well. - PENDING
      • Section 4: Condense sections 4.1 and 4.2 to key points. Too many examples: perhaps using fewer is possible. - PENDING
        (Section 4.3 is more on the point of the overall paper)
      • Section 5.1-Planning and Execution merged with Section 2. - DONE
      • Section 5.1.2 - Rollback Plan, should be part of section 4 to complete the Migration story. - DONE
      • Section 5: Named - Transition and Optimization and will include Post Migration Monitoring and Optimization, while also mentioning Continuous improvement and Adaption - DONE

    New action items:
    'Best Practices for Managing Keys when uploading Data from on-prem to Cloud' document:

    • Sections 1 and 2 to be updated by Partha
    • Section 3: Sunil (@Sunil Arora) to condense the section and include bullet points in order to avoid repetition with other sections as well
    • Section 4: Condense sections 4.1 and 4.2 to key points. Too many examples: perhaps using fewer is possible.
    • Sunil and Yuvaraj will communicate offline to break section 4.4 for Preparation and from Migration.
    • Iain (@Iain Beveridge) offered to summarize relevant parts of DORA and NIS2, aiming to maintain brevity, for Rollback Planning.

    Document 2: 'Multi-Cloud KMS':

    • Iain to bring in Simon as additional author.
    • Sunil to bring Chandra as well.
    • Sam (@Sam Pfanstiel) to set up a call prior to the WG call to discuss the document's structure and assign sections, perhaps among Simon, Rajat, Vani and Chandra.

    Document 3: 'Post-Quantum Cryptography Key Mgmt with procedural steps on crypto-migration'

    Next WG call:
    Wednesday, 1st May, 2024
    Time: 09:00 a.m. PDT / 12:00 p.m. EDT / 16:00 GMT
    URL: https://zoom.us/j/93617880747
    Meeting ID: 936 1788 0747
    Passcode: 536522

    Kind regards,
    Marina



    ------------------------------
    Marina Bregkou,
    Senior Research Analyst,
    CSA
    ------------------------------