Moving to the Cloud Doesn’t Mean You Can Forget about Key Management

October 1, 2019 | Georg Gann

I have been talking to many organizations in Germany about how they extend machine identity management into their hybrid cloud environments. What many of them don’t realize is that they will have the same responsibility for managing machine identities in the cloud as they have in their on-premises environments.

Some of the organizations I speak with assume that cloud providers will take care of a wide range of PKI functions. They think that they won’t have to care about PKI any more because they turn over responsibility to the cloud service provider to take care of everything. And that's just not true.


"They think they won't have to care about PKI anymore...and that's just not true"

Machines operate the same way in the cloud as they do on premises. That also means you remain responsible for the same machine identity management in the cloud. Why? Cloud services are much like other managed services: just another kind of infrastructure that organizations can leverage. But would you feel comfortable handing your keys to a managed service provider without some level of control? It's the same with the cloud.



Moving workloads to the cloud means those workloads need access to your keys. So you will want to think hard about how to maintain ownership of your keys in the cloud, just as you do on premises. Basically, you have to make sure that the cloud instance is available and that there is no issue with its machine identities. You still have to provision the certificates, you have to review them, and you have to revoke them, just as you do on premises.

And that process will work even better if you can get a consistent view of machine identities across cloud and on-premises. But many organizations aren’t thinking that way yet.


I was recently speaking with an organization that wanted to move to the cloud. They talked to their cloud provider and said, "Hey, we need some cloud instances from you and we need to secure the communication. So we need certificates." And the cloud provider said, "Oh yeah, we've got certificate management. No problem." So I asked this organization, "Where are the private keys located, how many are they using on cloud servers, and who's taking care of the certificates there?" They couldn't tell me. They had no idea where their keys were and who owned them in the cloud.

I mean, do you really want to give up responsibility of your PKI and control of your keys? Ideally, the keys from the cloud are part of your complete machine identity inventory. That way you will know where they are installed and who owns them.

"The keys from the cloud are part of your complete machine identity inventory" 

Granted, most companies understand that there are risks that they might not have considered when moving to the cloud. But most have already dealt with similar issues for managing machine identities in their on-premises infrastructure. And taking it to the cloud only adds complexity. Because most organizations use a hybrid or multi-cloud approach, it may be difficult to maintain consistent visibility and protection across all instances.

My objective is to make these organizations understand that cloud instances are just an extension of their on-premises infrastructure and should be treated just the same in terms of managing machine identities. They need to secure their keys and certificates in the same way everywhere. They still want to be able to enforce security policies, automate the certificate lifecycle and monitor all machine identity usage and behavior—just as they do in physical infrastructures.
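The post describes three things an organization still owns in the cloud: the certificate lifecycle (provision, review, revoke), a single inventory that records where every private key lives and who owns it, and one security policy enforced identically on premises and in the cloud. The script below is an added example, not code from the post or from Venafi's products: it merges constructed on-prem and cloud records into one inventory and audits them against a hypothetical policy (minimum key size, renewal window, recorded owner, known key location). Hostnames, team names, dates and policy values are all assumptions made up for the example.

```python
"""Audit a merged on-prem + cloud machine identity inventory against one policy (added example)."""
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass(frozen=True)
class CertRecord:
    common_name: str
    environment: str              # "on-prem" or "cloud"
    owner: Optional[str]          # team accountable for renewal; None = nobody recorded
    key_location: Optional[str]   # where the private key lives; None = unknown
    not_after: date               # certificate expiry
    key_bits: int                 # RSA modulus size


# One policy applied to every environment (hypothetical values).
POLICY = {"min_key_bits": 2048, "renew_within_days": 30}


def check_record(rec: CertRecord, today: date, policy=POLICY) -> list:
    """Return the policy findings for one record; an empty list means compliant."""
    findings = []
    if not rec.owner:
        findings.append("no owner recorded")
    if not rec.key_location:
        findings.append("private key location unknown")
    if rec.key_bits < policy["min_key_bits"]:
        findings.append(f"key too small ({rec.key_bits} < {policy['min_key_bits']} bits)")
    days_left = (rec.not_after - today).days
    if days_left < 0:
        findings.append(f"expired {-days_left} days ago")
    elif days_left <= policy["renew_within_days"]:
        findings.append(f"expires in {days_left} days; renew now")
    return findings


def audit_inventory(records, today: date, policy=POLICY) -> dict:
    """Audit the merged inventory; returns {"env:common_name": [findings]} for non-compliant records only."""
    report = {}
    for rec in records:
        findings = check_record(rec, today, policy)
        if findings:
            report[f"{rec.environment}:{rec.common_name}"] = findings
    return report


def summarize_by_environment(records, today: date, policy=POLICY) -> dict:
    """Count total and non-compliant records per environment: the consistent cross-environment view."""
    counts = {}
    for rec in records:
        counts.setdefault(rec.environment, {"total": 0, "non_compliant": 0})
        counts[rec.environment]["total"] += 1
        if check_record(rec, today, policy):
            counts[rec.environment]["non_compliant"] += 1
    return counts


# Constructed sample inventory: on-prem and cloud records in one list (hypothetical data).
TODAY = date(2019, 10, 1)
SAMPLE_INVENTORY = [
    CertRecord("web.example.internal", "on-prem", "platform-team", "hsm-01", date(2020, 6, 1), 2048),
    CertRecord("api.example.com", "cloud", "app-team", "vm-api-1:/etc/ssl/private", date(2019, 10, 15), 2048),
    CertRecord("lb.example.com", "cloud", None, None, date(2020, 3, 1), 2048),
    CertRecord("legacy.example.internal", "on-prem", "ops", "srv-legacy:/etc/pki", date(2019, 9, 1), 1024),
]

if __name__ == "__main__":
    for name, findings in audit_inventory(SAMPLE_INVENTORY, TODAY).items():
        print(name, "->", "; ".join(findings))
    print(summarize_by_environment(SAMPLE_INVENTORY, TODAY))
```

The cloud load balancer record is the case from the post: the certificate exists, but nobody can say who owns it or where its private key is, and the audit surfaces exactly that. Because the same `check_record` runs over both environments, a weak or expiring key on premises and an unowned key in the cloud show up in the same report rather than in two separate views.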

About the author

Georg Gann

Georg has over 20 years of experience in the software industry and is currently serving as Venafi's Regional Sales Manager for DACH & Eastern Europe. He helps enterprises understand the importance of an automated machine identity protection solution and simplifies certificate lifecycle management for the Global 5000. Previous positions include posts at WinMagic, Utimaco, Computacenter and Novell.