Cloud Key Management

  • 1.  Meeting Minutes 31st August 2022

    Posted Sep 08, 2022 05:00:00 AM

    Dear members,

    Please find below the main topics and action items discussed in our last August WG call:

    • Our working group co-chair Paul Rich is stepping down from his role:

      Saying goodbye and farewell to one of the best co-chairs and subject matter expert of our working group, mr. Paul Rich.
      Paul announced us that he won't be able to continue devoting his time as a co-chair of the working group. His new job has taken a turn away from key management as a core topic and he is leaving room for work to continue with fresh eyes and minds and priorities.Thank you Paul for your dedication, perseverance, and taking this working group so far ahead!!!! It has been a pleasure having you as our co-chair!

    • Other possible topics for the working group's survey were discussed:
      • Alex Sharp suggested to have a topic on Bring Your Own Encryption - specifically, a short paper on encrypting before SaaS. (Is it a requirement for compliance?)
      • Financial Services was thrown on the table as another survey topic
      • Iain Beveridge suggested to provide a comparison between the Hold Your Own Key and "BYOK"
      • Alex Sharp added a second suggestion: Guidance on how to write a KMS for an organization.
      • Paul Rich proposed to address things from the 'what is being accomplished' perspective. E.g. for Encryption before SaaS, privacy in the cloud is accomplished.
    Action item:
    • For the next WG paper, each submits 5 topics/subjects with a short abstract that justifies them.
    Next working group call:
    Wednesday 14th of September, 08:00 a.m.PST / 11:00 a.m. EST / 16:00 GMT / 17:00 CET / 18:00 EET
    URL: https://zoom.us/j/93617880747  (Meeting ID: 936 1788 0747)

    Kind regards,
    Marina


    ------------------------------
    Marina Bregkou,
    Senior Research Analyst,
    CSA
    ------------------------------


  • 2.  RE: Meeting Minutes 31st August 2022

    Posted Sep 08, 2022 05:32:00 AM
    Hello,

    I do not recall whether someone has already mentioned it but regarding "Guidance on how to write a KMS for an organization", NIST has published a set of documents which may provide helpful insights:
    • The three-part NIST SP 800-57: Recommendations for Key Management
    • NIST SP 800-130: Framework for Designing Cryptographic Key Management Systems


    ------------------------------
    Thanos Vrachnos OffensiveOps | PKI & eID Subject-matter Expert
    SPEARIT
    ------------------------------



  • 3.  RE: Meeting Minutes 31st August 2022

    Posted Sep 08, 2022 05:56:00 AM
    Thanks for the valuable input Thanos!!

    ------------------------------
    Marina Bregkou,
    Senior Research Analyst,
    CSA
    ------------------------------



  • 4.  RE: Meeting Minutes 31st August 2022

    Posted Sep 08, 2022 08:59:00 AM

    Hello WG members!

     

    As announced by me during the last WG meeting and included in Marina's message to the WG, I've resigned at WG co-Chair and am wishing you all well and looking forward to seeing what the WG produces under new leadership and vision. The participation today is much better than it was a couple of years ago and there is an abundance of great ideas and expertise to execute on those ideas. This bodes well! I recognize that my continued presence in the WG could be a hindrance rather than a help to Partha and my professional life has turned up the heat as well as shifted my focus away from key management, so I'll be lurking in the WG community but not attending meetings.

     

    Thank you to everyone that has contributed to our success, and to those that carry the WG to new destinations. Marina is a gem, please take good care of her.

     

    Sincerely,

    Paul