KEY MANAGEMENT AS A SERVICE
Key management as a service has not gotten the traction it needs. Cloud service providers (Amazon Web Services, Azure, Google) have remained fairly static in this area with little additional innovation. Low-end key management requirements are very cost effective, but costs get out of control as the number of keys increases. Encryption key management that is not fully under the control of the cloud service provider has been the exception to the cloud service model, but this is about to change. Key-Management-as-a-Service (KMaaS) will be offered by independent Software-as-a-Service providers who will leverage independent key management applications in a shared cloud environment. These solutions will be low-cost, multi-tenant solutions with a self-service model, and will offer enterprise options and migration paths for dedicated key management and key management that is deployed outside of the cloud platform.
KMaaS offerings will finally provide smaller organizations access to validated technologies and to technologies that are based on industry standards such as the Key Management Interoperability Protocol (KMIP). Due to the cost of traditional key management solutions, smaller organizations and startups have been excluded from access to professional key management. The good news is that new KMaaS offerings will bring low-cost solutions within the reach of small and midsize organizations.
- KMaaS solutions should be based on FIPS 140-2 compliant key management solutions.
- KMaaS solutions should provide a path to both dedicated key management, and to key management hosted outside of the cloud service provider.
- KMaaS solutions should provide a self-service model for allocating and managing the service.
- KMaaS solutions should be independent of cloud service provider administrative access.
ENCRYPTION KEY MANAGEMENT