Dr. Sarbari Gupta, President and CEO of Electrosoft, spoke about the need for more robust cryptographic key management practices for use within cloud computing environments at the 2012 Cryptographic Key Management Workshop held at the National Institute of Standards and Technology (NIST) Gaithersburg campus on September 10-11, 2012.

The workshop focused on the technical and administrative aspects of Cryptographic Key Management Systems (CKMSs) that currently exist and those that may be required for future use by U.S. Federal government. See workshop website (http://www.nist.gov/itl/csd/ct/ckm_workshop_2012.cfm) for more details.

Dr. Gupta spoke about the fact that Federal government is moving rapidly towards adopting cloud computing and cloud storage environments in accordance with the Federal Cloud Computing Strategy published in February 2011.  However, cloud computing environments have some unique security challenges arising from remote operations, co-tenancy, distributed management and various other factors. The use of cryptography is essential to secure cloud operations; yet, cloud customers have limited visibility into key management practices within the cloud.  Although the Federal Risk and Authorization Management Program (FedRAMP) streamlines cloud security authorizations, Dr. Gupta asks whether it provides enough visibility and/or assurance regarding key management techniques implemented by cloud service providers and offers some recommendations for moving forward.

The slides are available on the web at http://csrc.nist.gov/groups/ST/key_mgmt/documents/Sept2012_Presentations/GUPTA_KMWSSep12_KeyMgmtinCloud.pdf