Feeds

Cloud is a key-management pain: NIST

Too many services, too little oversight

Security for virtualized datacentres

The ISA's National Institute of Standards and Technology (NIST) – recently accused of collaborating with the NSA to weaken security standards – has put together a paper highlighting the key-management challenge posed by cloud computing platforms.

As readers will know, key multiplication (and therefore management) can be headache-making even in in-house IT environments. Just one service, SSH, was criticised by its creator earlier this year for spreading 1unwanted keys far and wide.

The paper, Cryptographic Key Management Issues & Challenges in Cloud Services, would be available at http://www.nvlpubs.nist.gov/nistpubs/ir/2013/NIST.IR.7956.pdf if it were not for the fact NIST's site has been DOSed by the US government shut down. The Reg has popped it into Dropbox here as a PDF. (See - we don't need no lousy government, do we?)

As the paper, authored by Ramaswamy Chandramouli, Michaela Iorga and Santosh Chokhani, states, crypto key management – already a challenge for anybody with a large IT infrastructure – starts to look a little nightmarish when you start spreading your systems far and wide into cloud environments you don't control.

Key management, they write, “becomes more complex in the case of a cloud environment, where the physical and logical control of resources (both computing and networking) is split” between different locations, different applications, and different virtual machines.

“Furthermore, the pattern of distribution varies with the type of service offering - Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS),” they note.

Key management has to be able to cover securing the interactions with the cloud environment, as well as securing the data the cloud service creates. Moreover, “in many instances, the KMS required for managing the cryptographic keys needed to protect that data have to be run on the computing resources provided by the cloud Provider.”

The paper offers a variety of architectural templates for key management, depending on the deployment scenario under consideration. ®

Providing a secure and efficient Helpdesk

More from The Register

next story
IBM storage revenues sink: 'We are disappointed,' says CEO
Time to put the storage biz up for sale?
'Hmm, why CAN'T I run a water pipe through that rack of media servers?'
Leaving Las Vegas for Armenia kludging and Dubai dune bashing
Facebook slurps 'paste sites' for STOLEN passwords, sprinkles on hash and salt
Zuck's ad empire DOESN'T see details in plain text. Phew!
Windows 10: Forget Cloudobile, put Security and Privacy First
But - dammit - It would be insane to say 'don't collect, because NSA'
CAGE MATCH: Microsoft, Dell open co-located bit barns in Oz
Whole new species of XaaS spawning in the antipodes
VMware's tool to harden virtual networks: a spreadsheet
NSX security guide lands in intriguing format
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.