Recommendations for Adopting a Cloud-Native Key Management Service

The purpose of this document is to provide general guidance for choosing, planning, and deploying cloud-native key management systems (KMS). The guidance will provide recommendations that address technical, operational, legal, regulatory, and financial aspects of leveraging a cloud-native KMS. The goal is to optimize business outcomes, including agility, cost, and compliance.
It is important to note that adoption of the guidance provided herein cannot ensure that business information is adequately protected when stored, processed or transmitted using public
cloud services. This document provides guidance on how to assess and implement cloud key management services with regard to an organization’s needs for key management — it is up to the customer to then use encryption keys (or other artifacts, such as secrets) in ways that follow encryption best practices.