CEK - Cryptography, Encryption, and Key Management Overview

In this presentation we explore the Cryptography, Encryption, and Key Management (CEK) domain within the Cloud Control Matrix (CCM) that comprises twenty-one control specifications. The CEK domain focuses on safeguarding Cloud Service Customers' (CSCs) data through cryptographic techniques, encryption, and effective key management. It plays an essential role in ensuring compliance with encryption standards and maintaining the confidentiality and integrity of sensitive information in cloud environments.
Under the Shared Security Responsibility Model (SSRM), Cloud Service Providers (CSPs) govern cryptography, encryption, and key management practices, ensuring they align with industry best practices and regulatory standards. CSPs manage the underlying infrastructure, provide secure key storage, and deliver encryption services. Meanwhile, CSCs take responsibility for encrypting their own sensitive data before uploading it to the cloud, managing their encryption keys, and assigning roles and responsibilities within their applications and data. They also oversee cryptographic risk and change management processes specific to their environment.
Collaboration between CSPs and CSCs in implementing CEK security controls is mutually beneficial. For CSPs, it strengthens the confidentiality and integrity of CSCs’ data, boosting the security and compliance of cloud services. For CSCs, working with CSPs ensures their unique cryptographic needs are addressed, reinforcing data protection and regulatory compliance.

Presented by: Akshay Bhardwaj (Security Business Lead, Sprinklr Inc.) and Kerry Steele (Principal, Payments and Cloud Advisory, Coalfire Systems Inc.)