Feeds

Cloud is a key-management pain: NIST

Too many services, too little oversight

The essential guide to IT transformation

The ISA's National Institute of Standards and Technology (NIST) – recently accused of collaborating with the NSA to weaken security standards – has put together a paper highlighting the key-management challenge posed by cloud computing platforms.

As readers will know, key multiplication (and therefore management) can be headache-making even in in-house IT environments. Just one service, SSH, was criticised by its creator earlier this year for spreading 1unwanted keys far and wide.

The paper, Cryptographic Key Management Issues & Challenges in Cloud Services, would be available at http://www.nvlpubs.nist.gov/nistpubs/ir/2013/NIST.IR.7956.pdf if it were not for the fact NIST's site has been DOSed by the US government shut down. The Reg has popped it into Dropbox here as a PDF. (See - we don't need no lousy government, do we?)

As the paper, authored by Ramaswamy Chandramouli, Michaela Iorga and Santosh Chokhani, states, crypto key management – already a challenge for anybody with a large IT infrastructure – starts to look a little nightmarish when you start spreading your systems far and wide into cloud environments you don't control.

Key management, they write, “becomes more complex in the case of a cloud environment, where the physical and logical control of resources (both computing and networking) is split” between different locations, different applications, and different virtual machines.

“Furthermore, the pattern of distribution varies with the type of service offering - Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS),” they note.

Key management has to be able to cover securing the interactions with the cloud environment, as well as securing the data the cloud service creates. Moreover, “in many instances, the KMS required for managing the cryptographic keys needed to protect that data have to be run on the computing resources provided by the cloud Provider.”

The paper offers a variety of architectural templates for key management, depending on the deployment scenario under consideration. ®

Boost IT visibility and business value

More from The Register

next story
Pay to play: The hidden cost of software defined everything
Enter credit card details if you want that system you bought to actually be useful
Shoot-em-up: Sony Online Entertainment hit by 'large scale DDoS attack'
Games disrupted as firm struggles to control network
HP busts out new ProLiant Gen9 servers
Think those are cool? Wait till you get a load of our racks
Silicon Valley jolted by magnitude 6.1 quake – its biggest in 25 years
Did the earth move for you at VMworld – oh, OK. It just did. A lot
VMware's high-wire balancing act: EVO might drag us ALL down
Get it right, EMC, or there'll be STORAGE CIVIL WAR. Mark my words
Forrester says it's time to give up on physical storage arrays
The physical/virtual storage tipping point may just have arrived
prev story

Whitepapers

Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up distributed data
Eliminating the redundant use of bandwidth and storage capacity and application consolidation in the modern data center.
The essential guide to IT transformation
ServiceNow discusses three IT transformations that can help CIOs automate IT services to transform IT and the enterprise
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.