Are we thinking about cloud key management in the right way?

There is a lot of talk in certain circles at the moment about key management in distributed on-demand computing environments (aka ‘the Cloud’), but much of this seems too deeply product- or technology-oriented.

All this ‘solution-first’ talk approaches the problem in the wrong way. We need to return to our roots, look at why key management has become important and revalidate the use of cryptography to solve Cloud security issues.

There is no doubt that cryptography and key management are vital tools in the Cloud information security battle, and companies with long experience in crypto and key management have much to offer this immature space. But we must re-examine the way we employ these tools in this new context and make sure that the technology is solving the problems, not defining them.

In any area of life people tend to focus on their area of expertise. To a man with a hammer, every problem’s a nail. The security industry is no different. When a new problem comes along everyone looks at their toolbag and tries to fit what’s in it to the new scenario.

So when Cloud Computing became big news, everyone was quick to apply existing policies, processes and products to the new environment. To no small degree we’re rather guilty of this in my own area of expertise: cryptography and key management.

I’ll be writing a series of blogs over the next few days about a different, and perhaps more effective, approach. If nothing more I hope this will be food for thought for our information security readers, but if you feel inclined to let me know your thoughts then I welcome them in the comments section below…

Jon Geater has more than 10 years’ technical experience as a software architect and chief architect in the information security industry and has helped define many real-world security products and systems. As Director of Technical Strategy at Thales, Jon is a technical evangelist for the company’s information technology security activities. Jon represents Thales at academic conferences and standards bodies, and is a co-founder of the OASIS KMIP key management group. Jon holds a BSc Hons in Computer Science.