From the way businesses are acting, the cloud is where it’s at.
Cloud computing has become incredibly popular among companies in just the past few years, with more and more organizations moving their operations to the cloud.
The number of cloud service providers has ballooned, with the leading vendors showcasing new features and lower prices. As useful as the cloud can be, one issue remains at the top of most executives’ minds: security.
With the number of data breaches increasing each year, and more people concerned about government surveillance than ever before, businesses take the issue of cloud security seriously.
Cloud providers have responded with more security features -- particularly data encryption -- but one idea is beginning to take hold. Taking a cue from the bring your own device (BYOD) movement, organizations are now trying their hand at encrypting the data themselves, while also holding the encryption key as part of a bring your own key (BYOK) policy.
Encryption can be a tricky task. Cloud services that offer the feature do so out of concern for data protection, but the big question is what to do with the encryption keys. A cyber attacker who can gain access to a cloud computing database may also access the very keys used to encrypt that data, rendering the whole effort useless.
That’s why many businesses that use the cloud are favoring the bring your own encryption (BYOE) approach. Companies that adopt BYOE basically set up their own infrastructure for encryption, using it to protect the data they store in the cloud. BYOK takes this idea one step further. Instead of having the cloud service manage and handle encryption keys, that becomes the sole responsibility of the company. Cloud customers have total control over encrypting data, making a data breach or leak much less likely.
BYOK by Provider
Cloud services have seen the advantages of using BYOK and have even offered their own versions of this feature. This service works by having the cloud provider encrypt the data but having only the customer hold onto the keys. The feature has already been introduced for Google Compute Engine, Amazon Cloud HSM, Microsoft Azure, and Adobe Creative Cloud.
All of them work in similar ways -- mainly that the customer manages the encryption keys and uploads them when they need to access data on the cloud. The important thing to remember is that this is all done directly, with no interference or involvement on the part of the provider. In other words, the cloud service never sees the keys. So if a database were to be breached, a cyber attacker would not be able to read the data since the keys are kept in a separate location.
Weaknesses of BYOK
The benefits of BYOK are clear, particularly when companies are looking to make sure their data is protected. But it would be smart not to ignore the potential downsides of using bring your own key. For one thing, managing your own encryption key means a great deal more responsibility, in that if you lose your key, that’s it; there’s no getting it back.
The cloud provider can’t do anything to allow you to access your data. With the danger of losing that encryption key ever-present, you’ll need to make sure those within your company who hold the key take good care of it. That requires more detailed management, even to the point where the added convenience of moving to the cloud might disappear. You’ll also need to consider the legal consequences pertaining to the handling of encryption keys.
While all of these concerns are justified, for many businesses, the idea of having better-protected data is worth it. The cloud carries numerous advantages, and having a BYOK policy is one way to ensure your valuable data is protected at all times. It will take some managerial changes to make it all work, but BYOK ends up solving a lot of the problems organizations are concerned about when using cloud computing. If you’re considering such a transition, it would be wise to take a closer look at bring your own key for encryption.