What are critical architectural factors for implementing cloud key management?
17 Oct 2020
Enter BYOK. The industry is trending toward giving customers more control over their cryptographic keys. All of the major cloud vendors now have support for Bring Your Own Key (BYOK), so that organizations can maintain control over the keys used for their data and applications, giving them greater data portability and flexibility. The ability to shift from one cloud provider to another — including multiple cloud providers at once — gives organizations options.Especially when it comes to managing workloads, handling spikes and surges, and providing disaster recovery — not to mention satisfying audit requirements involving backup or redundancy capabilities.
BYOK allows organizations to encrypt data inside cloud services with their own keys — and maintained within the cloud providers’ vaults — while still continuing to leverage the cloud provider's native encryption services to protect their data. Win win.
While BYOK offers increased control, it also comes with additional key management responsibilities that are magnified in multi-cloud environments. Every cloud provider has its own set of APIs and its own cryptographic methods for transporting keys. Fundamentally, the processes, procedures and methods for managing keys are completely different across clouds, and not just from an API standpoint, but from architecture and process standpoints with each requiring different key management techniques.