Cloud Key Management Kick-Off Call


Post on 22-Mar-2022


Cloud Key Management Kick-Off Call

The Cloud Key Mgmt working group's main objective is to create a consortium whose purpose is to align cloud key management interoperability standards across cloud service providers, SaaS vendors, enterprise customers, and security service/product vendors.

The group also aims to maintain API and key interoperability specifications and to consider developing enhancements.

Meeting Agenda

● Working group governance - John Yeoh
  ○ CSA Research Portfolio
  ○ Industry Collaboration
  ○ CSA Working Groups
● Working Group Activities - Marina Bregkou
  ○ Cloud Key Mgmt Charter 2020-21
  ○ Bi-weekly calls
● Latest Publications
● Current Roadmap
  ○ Financial Services and Cloud Key Mgmt - Paul Rich
● Future Topics
  ○ Key Mgmt 2021 - Mike Schrock
● Call for Action
  ○ Join the CSA Cloud Key Mgmt Working Group!
  ○ Participate in Key Mgmt industry peering
  ○ Understand and discuss the latest trends in cloud key management
  ○ Leverage Key Mgmt strategies in the cloud
  ○ Publish innovative customer centric key mgmt practices

OUR COMMUNITY

● 2009 CSA FOUNDED
● 28+ ACTIVE WORKING GROUPS
● 100,000+ INDIVIDUAL MEMBERS
● 400+ CORPORATE MEMBERS
● 75+ CHAPTERS
● SEATTLE/BELLINGHAM, WA // US HEADQUARTERS
● BERLIN // EMEA HEADQUARTERS
● SINGAPORE // ASIA PACIFIC HEADQUARTERS
● SHENZHEN // CHINA CSA NGO

Strategic partnerships with governments, research institutions, professional associations and industry

CSA research is FREE!

30,000+ 6,000+RESEARCH VOLUNTEERS CONTRIBUTING

SUBSCRIBERS TO OUR WEBINAR SERIES

Industry Collaboration

FORMAL:

• ISO/IEC JTC 1 – IT and Cloud Security Techniques

• ITU-T – Procedures and standards in Telecom

• IEEE – Cybersecurity and Privacy Standards Committee

• NIST – Cloud Security Working Group

• FCC - Technological Advisory Committee on IoT

• DISA DoDIN (GIG) – Cloud Computing Services Guidance

• DoD IC - Cloud Computing Standards Focus Group

• ATIS - Packet Technology and Systems Committee on 5G

• CIS – Cloud Security Benchmarks

• Cloud Security Industry Summit – Executive Council of Cloud

• ENISA – EU funded research on Risk, Interoperability, SLAs, and more

• ISC2 – Training and Education Partner for Cloud Security Certification

• ISACA – Continuing Education Partner for IT Certification

• CSA Corporate Members – Commissioned work to explore trending topics

• And many others

INFORMAL:

MPAA, Security Smart Cities, US Federal Highway Administration, HIMSS, HC3, FFIEC, FDIC, OCC, EBA, UL, and more

CSA RESEARCH

ACTIVE PUBLIC Working Groups

EDUCATION THOUGHT LEADERSHIP

TOOLS & STANDARDS

COLLABORATION BEST PRACTICES & SOLUTIONS

ARTIFICIAL INTELLIGENCE

BLOCKCHAIN

CYBER INTELLIGENCE EXCHANGE

CLOUD COMPONENT SPECIFICATIONS

CLOUD CONTROLS MATRIX

SECURITY SERVICES MANAGEMENT

SAAS GOVERNANCE

CONTAINERS & MICROSERVICES

DEV(SEC)OPS

ENTERPRISE ARCHITECTURES

ERP SECURITY

FINANCIAL SERVICES

HEALTHCARE INFORMATION

INDUSTRIAL CONTROLS SYSTEMS

INTERNET OF THINGS

CLOUD KEY MANAGEMENT

MOBILE APPLICATION SECURITY

OPEN CERTIFICATION FRAMEWORK

SERVERLESS

PRIVACY LEVEL AGREEMENTS

QUANTUM SAFE SECURITY

SECURITY AS A SERVICE

SOFTWARE DEFINED PERIMETER

TOP THREATS

INTERNATIONAL STANDARDS

INCIDENT RESPONSE

Cloud Key Mgmt Leadership

● Co-Chairs
  ○ Mike Schrock - Senior Director Global Business Development, THALES Group
  ○ Paul Rich - Executive Director, Data Management & Protection, JPMorgan Chase & Co
● Cloud Security Alliance Research
  ○ Marina Bregkou - Senior Research Analyst
  ○ John Yeoh - Research Global Director

Latest Publications - Paul Rich

● Key Management in Cloud Services

Working Group Roadmap - Paul Rich

Next twelve months:

Financial Services and Cloud Key Management

The purpose of this briefing is to document required implementation specifics for KMS use within the financial services industry. We seek to cover all pertinent regulatory and legislative mandates for global financial institutions.

Hybrid Multi-KMS Management

The purpose of this paper is to define principles, describe required and recommended features, and provide recommendations for implementing a management layer for many KMS instances across the patterns defined in the CSA “Key Management in Cloud Services” paper, published November 2020.

HTTPS://CLOUDSECURITYALLIANCE.ORG/ 10

Future Topics - Mike Schrock

Cloud Key Mgmt WG 2021

Revision of WG Charter and Purpose

We have drifted from the original Charter, Purpose and Scope. Realistic alignment needed. Propose we all read and come to next meeting to discuss revisions.

Project Proposals

Shall we create a process to enable more related projects supporting the cause, like open source projects on APIs? How do we get more involvement from WG member companies?

Setting TAC and Outreach Councils

Perhaps it makes sense to organize into both a Technical Advisory Council and an Outreach Council to better align interests and achieve objectives for 2021.

General EKM Reference Architectures & Best Practices

We laid out the architectural Patterns in latest Whitepaper, but do not really lay out practical guidance or reference architectures for enterprises. Does this make sense?

Call for Action

● Join the CSA Cloud Key Mgmt Working Group!
  ○ Next meeting Tuesday 20th 9:00 AM PT: https://zoom.us/j/93617880747, Meeting ID: 936 1788 0747
● Participate in Cloud Key Mgmt Circle Community.
  ○ https://circle.cloudsecurityalliance.org/community-home1?CommunityKey=7e44948d-7698-4471-994b-33ea8766b5de

Call for Action

● Understand and discuss the latest trends in cloud key management
  ○ Circle Cloud Key Mgmt working group
● Leverage public’s knowledge on Financial Service Patterns
  ○ Cloud Key Management Services - Financial Service Patterns
● Hybrid Multi-Cloud KMS Management.
  ○ Work to start in Q4 2020


Thank you for attending!!!

Hope to hear you all on our next working group call, Tuesday, 20th October, 09:00 a.m. PST.