1. Technical Field
The present disclosure relates generally to computer security. More specifically, techniques are disclosed for key management in a distributed environment.
2. Description of Related Art
Computer security in a cloud environment is a well-known issue in a broad variety of contexts. For example, companies engaging in online commerce are generally subject to data security standards in regard to handling sensitive data of clients of the service. For instance, under the Payment Card Industry (PCI) data standard, a company that accepts credit cards as payment is required to comply with a number of regulations related to handling data, such as credit card information and customer information. Generally, to comply with such regulations, a company uses encryption techniques to protect sensitive data moving across the compliance chain handling payment transactions to and from the cloud.
Typically, to provide security for sensitive data, a company segments the sensitive data and applications accessing the sensitive data into a high security environment. In general computer security terms, this approach is referred to as compartmentalization. While the rest of the computing infrastructure of the company may have security controls adequate for business purposes, the high security environment generally has a higher level of security that include firewalling, detailed audit logs, periodic third-party security assessments for standards compliance (e.g., with PCI, HIPAA, etc.). These computing systems within the high security environment are considered “in-scope” and require compliance with the standards. However, maintaining the high security environment takes time, effort, and expense. That is, the more components included within the high security environment, the more costly and less agile the infrastructure becomes. This is particularly a concern in the cloud environment, where the state of the entire network frequently changes (e.g., with new storage and network elements being introduced, older elements being removed, etc.). This makes it difficult to both enforce security and maintain the agility afforded by cloud services.