As workflows scale out to the cloud, key management strategies are also being updated to take advantage of cloud based key management services such as Azure KeyVault, Cloud KMS and AWS Key Management Service (KMS). Using cloud based key managed service allows corporate to create and control the encryption keys used to encrypt your data, and uses Hardware Security Modules (HSMs) to protect the their keys all in a centralized cloud environment. This is a radical shift from on premise model where key manager were locked and device level HSM were employed. This talk discusses the pros/cons, use-cases from the industry (e.g. media and entertainment), reference architectures, and strategic/tactical recommendations on how to secure cloud based key management implementation.