The use of cryptographic keys is a linchpin of modern security. When it comes to the cloud, there is some debate as to where those keys should exist and how their placement impacts cloud security.
Andy Ellis, chief security officer at Akamai, has his fair share of experience building and deploying key management infrastructure and notes that placement all depends on the threat model.
In a video interview, Ellis details his views on key management in the cloud and also provides a preview of Akamai’s upcoming Internet security report.
“If you have a machine that creates TLS connections, for all intents and purposes it has access to the TLS keys, whether you leave them in an HSM (hardware security module) or a crypto server,” Ellis said.
Watch the video interview with Andy Ellis below:
Sean Michael Kerner is a senior editor at eSecurityPlanet and InternetNews.com. Follow him on Twitter @TechJournalist.