Centralized Management of Keys for Cloud Services

Managing information security on one platform across Microsoft, AWS, Google, and internal infrastructure is a challenge many are facing right now.

Companies and the public sector in Sweden need to ensure the security of their information. One challenge is maintaining a consistent approach to the use of different protective methods, whether on Microsoft, Google, or internal systems. Regardless of the service platform, there is a clear need for a unified information security strategy.

Today, businesses and the public sector in Sweden use a mix of SaaS and other cloud services, procured infrastructure, and their own IT infrastructure. For instance, a municipality might use Google Workspace in education, Microsoft 365 in administration, and maintain its own infrastructure for systems and data storage.

The laws and regulatory requirements imposed on companies and municipalities pose a significant challenge: securing information across these platforms while simultaneously ensuring availability and functionality is a complex task.

Today, many providers offer built-in security features to protect information stored or processed through their services, with a trend towards encryption and policy-based access control. Each provider aims to enable its customers to comply with laws and regulations governing how information is handled, such as GDPR and the upcoming NIS2.

The need to keep information secure and sovereign in Sweden, or to guarantee that information cannot be requested by foreign nations, is high on the agenda. Many cloud providers are now talking about sovereign clouds based in Europe, assuring customers that information is processed and stays securely within the EU. Overall, these are positive steps creating opportunities for Swedish companies and the public sector to consume and benefit from scalable and available cloud services.


Challenge: The Need for Unified Management

As cloud service providers adapt to increased demands for information security and privacy, customers are expected to meet new knowledge requirements. This means actively enabling and managing various features and protective mechanisms within each platform.

Processes and routines for monitoring and management must be established individually for each service provider. This leads to a complex situation where unified and effective management of all services becomes challenging, and a clear overview of security measures is difficult to achieve.

Protecting Information through Encryption

Today, a variety of cloud services offer customers the opportunity to encrypt their information. By generating keys in a dedicated key manager at the service provider, one can secure information through encryption. These keys, generated and stored within the same service handling and storing the user's data, are a central part of protection.

Encryption is a robust method for securing information, where the strength of the key is crucial for the effectiveness of protection. Therefore, it is of utmost importance that keys are created securely, stored securely to prevent unauthorized access, and regularly rotated, and that their usage is monitored.

As the key becomes one of the most valuable components in security measures, the requirements on the providers of the cloud services we choose to use increase. This has driven the development of new security measures such as "Bring your own key" (BYOK) and "Hold your own key" (HYOK). These features allow customers to create and own their keys, which they then either use within the service or keep in a secure location at the customer's premises, from where the service is allowed to use them. This approach allows customers to create their own processes and routines for creating and managing the lifecycle of the keys that protect the data the service processes and stores.

The diversity of cloud services means that there are currently various methods for creating and controlling keys. Each provider offers its services to manage and configure these features.


KMS – Unified Management of Keys for Your Intended Service

A Key Management System (KMS) is a system used to create, manage, and secure cryptographic keys. These keys are crucial for encrypting and decrypting information, ensuring that the information remains private and protected from unauthorized access. A KMS enables the generation of strong and unique cryptographic keys and ensures that they are managed securely. This means that only authorized individuals and systems have access to the keys and can use them to encrypt or decrypt data. KMS systems also handle key rotation, meaning keys are regularly replaced with new ones to prevent data vulnerability if a key were to be compromised.

  • Access Control: KMS allows for defining and regulating who has permission to use and manage the keys. It creates a structured access control where permissions can be assigned and monitored to ensure that only authorized individuals or systems can access the keys.
  • Central Logging Function: By tracking activities and actions performed with the keys, KMS creates a logging function that records each use or change. This is crucial for tracking events, troubleshooting any issues, and detecting unauthorized access or abuse.
  • Integration with Cloud Services: By integrating with cloud services, KMS creates a unified place for key management, whether used locally or in the cloud. This enables unified and secure key management regardless of where they are used, which is particularly important in today's distributed data systems.
  • Overview and Easy Management: By bringing all keys and services to one place, KMS provides a comprehensive view of all keys and their usage. This facilitates monitoring, processes, and routines to ensure that all keys are managed in a unified, secure, and efficient manner.

A robust KMS is invaluable for ensuring organized and secure management of cryptographic keys, thereby protecting sensitive data. It provides both control and an overview of the keys and their usage, crucial for information security and compliance with regulations.
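
The rotation, access-control and logging checks described above can be run over one normalized key inventory, whichever platform uses each key. This is an added example, not Complior or Thales code; the record fields, key names, principals, finding labels and the 365-day rotation policy are constructed assumptions.

```python
from datetime import date

MAX_AGE_DAYS = 365                 # assumed rotation policy
CUSTOMER_OWNED = {"byok", "hyok"}  # origins where the customer created the key
TODAY = date(2024, 9, 1)           # fixed date so the sample is reproducible

# Constructed inventory: one normalized record per key, whichever platform uses it.
KEYS = [
    {"id": "k-aws-01", "platform": "aws", "origin": "provider", "sensitive": False,
     "last_rotated": date(2024, 3, 1), "allowed": {"svc-billing"}},
    {"id": "k-m365-01", "platform": "microsoft", "origin": "byok", "sensitive": True,
     "last_rotated": date(2022, 11, 15), "allowed": {"svc-records"}},
    {"id": "k-gws-01", "platform": "google", "origin": "provider", "sensitive": True,
     "last_rotated": date(2024, 5, 20), "allowed": {"svc-edu"}},
    {"id": "k-onprem-01", "platform": "internal", "origin": "hyok", "sensitive": True,
     "last_rotated": date(2024, 6, 1), "allowed": {"svc-archive"}},
]

# Constructed central usage log: (key id, principal, operation).
USAGE = [
    ("k-aws-01", "svc-billing", "encrypt"),
    ("k-m365-01", "svc-records", "decrypt"),
    ("k-gws-01", "admin-temp", "decrypt"),
    ("k-old-99", "svc-billing", "decrypt"),
]

def audit(keys, usage, today, max_age_days=MAX_AGE_DAYS):
    """Return (key id, finding) pairs for policy violations across all platforms."""
    findings = []
    by_id = {k["id"]: k for k in keys}
    for k in keys:
        if (today - k["last_rotated"]).days > max_age_days:
            findings.append((k["id"], "rotation-overdue"))
        if k["sensitive"] and k["origin"] not in CUSTOMER_OWNED:
            findings.append((k["id"], "provider-generated-key"))
    for key_id, principal, _op in usage:
        key = by_id.get(key_id)
        if key is None:
            findings.append((key_id, "unknown-key"))       # use of a key outside the inventory
        elif principal not in key["allowed"]:
            findings.append((key_id, "unauthorized-use"))  # principal not permitted for this key
    return findings

if __name__ == "__main__":
    for key_id, finding in audit(KEYS, USAGE, TODAY):
        print(f"{key_id}: {finding}")
```
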

Complior – KMS as a Service

Complior has extensive experience in key management, where we currently help customers with high-security requirements manage keys for their information. Complior offers a KMS service based on Thales products, ensuring the security of your information regardless of where you store it.

Thales is a leading company in cybersecurity and digital security solutions.

CipherTrust Manager is a key management platform aimed at providing security and control over cryptographic keys used to protect sensitive information. It offers companies and organizations a centralized and powerful management solution for cryptographic keys used in various environments, including local systems and cloud-based services.

This platform enables the generation, distribution, rotation, and monitoring of cryptographic keys and provides a unified view of the keys regardless of where they are used. It also offers benefits such as access control, logging functions, and integration with various cloud services. Thales CipherTrust Manager aims to make key management simpler and more secure for organizations, especially when dealing with critical and sensitive information. If you want to learn more about Complior and key management, contact us!
