
Questions About Encryption Keys and the Cloud


If you implement cybersecurity in your company, do you know where your encryption keys are stored, how they are accessed, and who administers them? If the answer to any of these is “I don’t know”, then read on.

Like it or not, we are moving to the public cloud. Why? It is often so much less expensive to build our information systems there, where we don’t have to worry about investing in hardware. And,

KMS (Key Management Store)

In the AWS cloud, we use the KMS (Key Management Store) to create our keys (Figure 1), which can then be used to encrypt/decrypt data, sign/verify signatures, export data keys, and generate/verify MACs (Message Authentication Codes).

Figure 1: AWS KMS

Overall, you have three kinds of key: AWS managed keys (such as those used by the Lambda service), customer managed keys (created and managed by the customer), and custom key stores (key stores in which the customer has complete control over the keys).

What key types can be used with AWS?

The keys can then be used for ECS (Compute), EBS and S3 (Storage), and a range of other services…
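To make the page's two questions concrete (where does the key live, and who may use it), here is an added example that is not AWS code and not from the original post: a small in-memory model of the GenerateDataKey and Decrypt calls listed above, with a key policy check, driving client-side envelope encryption. The master key never leaves the KmsModel object, the wrapped data key is stored beside the data, and an HMAC-SHA256 counter keystream with an encrypt-then-MAC tag stands in for AES-GCM; the principal ARNs are constructed sample values.

```python
import hashlib, hmac, os, secrets
# Constructed in-memory model of the KMS calls the page lists (not AWS's code). The
# master key lives only inside KmsModel; callers hold key IDs, data keys and blobs.

def _ctr_xor(key, nonce, data):
    """HMAC-SHA256 counter keystream as a stand-in for AES; the same call decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)
def seal(key, plaintext):
    """Encrypt-then-MAC under one key; layout is nonce || ciphertext || tag."""
    nonce = os.urandom(12)
    ct = _ctr_xor(key, nonce, plaintext)
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()
def unseal(key, blob):
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("ciphertext tampered or wrong key")
    return _ctr_xor(key, nonce, ct)

class KmsModel:
    def __init__(self):
        self._master = {}  # key_id -> master key bytes; never returned to callers
        self._policy = {}  # key_id -> principals the key policy lets use the key
    def create_key(self, allowed_principals):
        key_id = secrets.token_hex(8)
        self._master[key_id] = secrets.token_bytes(32)
        self._policy[key_id] = set(allowed_principals)
        return key_id
    def _authorize(self, key_id, principal):
        if principal not in self._policy.get(key_id, ()):
            raise PermissionError(f"{principal} may not use key {key_id}")
    def generate_data_key(self, key_id, principal):
        """Like GenerateDataKey: plaintext data key plus a copy wrapped by the master key."""
        self._authorize(key_id, principal)
        data_key = secrets.token_bytes(32)
        return data_key, key_id.encode() + b":" + seal(self._master[key_id], data_key)
    def decrypt(self, principal, wrapped):
        """Like Decrypt: the key ID rides inside the blob, so KMS picks the master key."""
        key_id, blob = wrapped.split(b":", 1)
        self._authorize(key_id.decode(), principal)
        return unseal(self._master[key_id.decode()], blob)

def envelope_encrypt(kms, key_id, principal, data):
    data_key, wrapped_key = kms.generate_data_key(key_id, principal)
    return wrapped_key, seal(data_key, data)  # client keeps this pair together
def envelope_decrypt(kms, principal, wrapped_key, ciphertext):
    return unseal(kms.decrypt(principal, wrapped_key), ciphertext)
```

Whoever is listed in the key policy can unwrap every data key protected by that master key, which is why the question of who administers the policy matters as much as where the key bytes sit.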


Prof Bill Buchanan OBE FRSE
ASecuritySite: When Bob Met Alice
