What Does Customer Managed Encryption Keys Really Mean for Cloud Service Providers?
Published 03/06/2015
By Todd Partridge, Director of Strategy, Intralinks
Have you ever leased a safety deposit box from your bank? For years the security and privacy of a safe deposit box has been the standard in the physical world. People have put their most important and their most valued information in bank vaults around the world with the confidence that it would remain secure and kept away from unsolicited parties. Safe deposit boxes provided the extremely high security measures and processes needed to protect these assets at scale.
In essence, the hundreds of customers a bank may have shared the cost of providing that ongoing security and privacy. Today’s SaaS industry is predicated on the same principles: that it is far more cost effective for customers to share the cost of computer power, infrastructure, and application maintenance. The question that often remains is whether or not SaaS providers are capable of providing the same level of confidence that banks have provided for safe deposit boxes.
On the consumer side of the SaaS market, users hear the stories of large enterprises losing priceless intellectual property and they listen to ‘experts’ saying that cryptography could have protected them. To the average user of a cloud service the question becomes, “why not just encrypt the data and be done with it?” Reality becomes even murkier when it is mixed with strong PR campaigns of companies looking to make a name for themselves as they capitalize on the misfortune of these companies that may not have taken the appropriate measures to protect their data in the cloud. In the cloud, customer data faces different threats when at rest, in transit, or in use.
There are important differences to each of these threats and their associated responses that bear further discussion. Here we’ll take on data at rest, but as a backdrop we must not forget that it is the intricate weave of all three that is important.
Data at Rest
Any service hosting customer data must provide assurances that it is protected while in their custody from external hackers, malicious insiders, and as we learned recently, governments. So, data must be encrypted at rest, which is relatively easy to implement. Many players, big and small, may declare that they give their customers full control of the encryption keys, also known as Customer Managed Keys (CMK). As companies begin to realize the importance of owning and managing the encryption keys used to protect their data in the cloud, the important question is – how is that control implemented?
There are several questions that today’s enterprises should consider when evaluating a cloud service provider’s claims of customer managed encryption keys:
- Can the customer login directly to the appliance that houses the keys and suspend the key without provider’s help or knowledge, if needed?
- Is there any provider software in the middle that can be compromised and leak the key?
- Keys need to be rotated. What happens to data at the time of key rotation?
- Does the customer need to wait for re-encryption of terabytes of data with the new key?
Arguably, if the chosen managed keys solution cannot provide these capabilities, it may fall short of many enterprise requirements for secure storage of that company’s most valuable information assets. Businesses need to pay attention to the details of the proposed solution just as you would pay attention to whether or not your bank has the right measures in place to protect those items you place in their safe deposit boxes.
Keeping Data Protected
It is obvious that data protection, especially in a SaaS model, is a complex task where science, engineering, and operations must be aligned perfectly to protect information assets from any number of threats. Just as banks provide a multi-layered security model to protect their customer’s value assets, cloud service providers need to give their customers analogous capabilities such as:
- A container suitable for the storage of a company’s most valuable information
- Customers’ ability to choose the geographic location of said container
- Secured channels of access to the data
- The ability to provide controls that allow no single entity to own or control access to the encryption keys
- The solution should be able to account for all copies of the data
- The solution should provide compliance reports and audit trails that document which users access, or attempt to access, the protected data, as well as when the action took place
In our next two articles in this series on information security in the cloud, we’ll explore the threats and security considerations of protecting data in transit and while in use.
Todd Partridge is the Director of Strategy at Intralinks. He has broad industry experience in the enterprise information management (EIM) space, with deep expertise in all trends and technologies related to information governance, enterprise content management, document management, web content management, business intelligence, team collaboration, e-mail management and enterprise records management practices.