On-demand Videos Encryption Consulting Virtual Conference 2021 Click here
×

Get our experts advice in handling data security issues on the Cloud.

Click Here


    Retain Control of the Keys

    Home » Cloud Key Management » Retain Control of your Encryption Keys on the Cloud
    Blog Post - Retain Control of the Keys
    17 Oct 2020

    Retain Control of your Encryption Keys on the Cloud

    /
    Posted By
    /
    Tags, ,

    Want to centralize and simplify key management functions across multiple clouds, while retaining
    control over your data and encryption keys?

    Register for our webinar with Encryption Consulting

    What You Need to Know About Multi-Cloud Key Management

    • on Wednesday, October 28
    • at 11:00 a.m. CT.
    Register Now

    What questions should you ask of your cloud provider?

    What are critical architectural factors for implementing cloud key management?

    Public cloud vendors

    • Including AWS
    • Google Cloud Platform
    • Microsoft Azure

    have their own solutions for encryption key management. While this establishes a high degree of security, organizations lose control over the keys.

    Enter BYOK. The industry is trending toward giving customers more control over their cryptographic keys. All of the major cloud vendors now have support for Bring Your Own Key (BYOK), so that organizations can maintain control over the keys used for their data and applications, giving them greater data portability and flexibility. The ability to shift from one cloud provider to another — including multiple cloud providers at once — gives organizations options.

    Especially when it comes to managing workloads, handling spikes and surges, and providing disaster recovery — not to mention satisfying audit requirements involving backup or redundancy capabilities.

    Move your IT infrastructure to Cloud.
    BYOK allows organizations to encrypt data inside cloud services with their own keys — and maintained within the cloud providers’ vaults — while still continuing to leverage the cloud provider's native encryption services to protect their data. Win win.

    How it works is keys are generated, escrowed, rotated, and retired in an on-premises or cloud hardware security module (HSM). A best practice is to use a FIPS 140-2 Level 3 HSM to more fully address compliance and reporting requirements.

    While BYOK offers increased control, it also comes with additional key management responsibilities that are magnified in multi-cloud environments. Every cloud provider has its own set of APIs and its own cryptographic methods for transporting keys. Fundamentally, the processes, procedures and methods for managing keys are completely different across clouds, and not just from an API standpoint, but from architecture and process standpoints with each requiring different key management techniques.

    What are best practices for multi-cloud ecosystems?

    What are prerequisites for BYOK?

    Register for our webinar

    What You Need to Know About Multi-Cloud Key Management

    to learn about key rotation best practices and how to manage the cryptographic key lifecycle.

    Join us — Encryption Consulting and Futurex

    • on Wednesday, October 28
    • at 11:00 a.m. CT.
    Register Now

    Subscribe to

    weekly blogs.

    Join our professional community and learn how to protect your organization from external threats!

    Our weekly blogs tackle topics from common code signing mistakes, to building your own PKI.

    Download this BLOG as PDF

    About Post Author

    VP of Global and Strategic Alliances Futurex

    You may also like these blogs

    Related Posts

    Deep Dive on AWS-Key Management Service
    Google Cloud Key Management Services
    Introduction to Google Cloud HSM
    What is Multi-Cloud Key Management?

    Want to learn from AWS Experts

    We train some of the biggest names in the industry through virtual & Live Classes

    Get Traning Details

    Get a Free Quote for your Cloud Advisory Services

    Request Quote

    Free Downloads for Cloud Advisory Services

    Download our datasheet on Cloud Advisory Services

    ×

    The private keys of the code-signing certificate can be stored in an HSM to eliminate the risks associated with stolen, corrupted, or misused keys.

    Client-side hashing ensures build performance and avoids unnecessary movement of files to provide a greater level of security

    The command line signing tool provides a faster method to sign requests in bulk

    Robust access control systems can be integrated with LDAP and customizable workflows to mitigate risks associated with granting wrong access to unauthorized users, allowing them to sign code with malicious certificates

    Support for customized workflows of an “M of N” quorum with multi-tier support of approvers

    Support for InfosSec policies to improve adoption of the solution and enable different business teams to have their own workflow for Code Signing

    Validation of code against UpToDate antivirus definitions for virus and malware before digitally signing it will mitigate risks associated with signing malicious code