What Does Customer Managed Encryption Keys Really Mean for Cloud Service Providers?
Blog Article Published: 03/06/2015
By Todd Partridge, Director of Strategy, Intralinks

This is the first in a 3-part series examining information security in the cloud.

Customer Managed Keys (CMK)

As companies begin to realize the importance of owning and managing the encryption keys used to protect their data in the cloud, the important question is: how is that control implemented? There are several questions that today's enterprises should consider when evaluating a cloud service provider's claims of customer managed encryption keys:
- Can the customer log in directly to the appliance that houses the keys and suspend a key without the provider's help or knowledge, if needed?
- Is there any provider software in the middle that can be compromised and leak the key?
- Keys need to be rotated. What happens to data at the time of key rotation?
- Does the customer need to wait for re-encryption of terabytes of data with the new key?
- A container suitable for the storage of a company’s most valuable information
- Customers’ ability to choose the geographic location of said container
- Secured channels of access to the data
- The ability to provide controls that allow no single entity to own or control access to the encryption keys
- The solution should be able to account for all copies of the data
- The solution should provide compliance reports and audit trails that document which users access, or attempt to access, the protected data, as well as when the action took place