{"id":4780,"date":"2021-09-14T13:20:53","date_gmt":"2021-09-14T05:20:53","guid":{"rendered":"https:\/\/www.progreso.com.sg\/newsite\/?post_type=all_news&p=4780"},"modified":"2021-09-20T16:35:15","modified_gmt":"2021-09-20T08:35:15","slug":"bring-your-own-key-byok","status":"publish","type":"all_news","link":"https:\/\/www.progreso.com.sg\/newsite\/all_news\/bring-your-own-key-byok\/","title":{"rendered":"Bring Your Own Key – The Beginner’s Guide"},"content":{"rendered":"\t\t
\n\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

What is BYOK?<\/strong>
Many data security professionals believe that encryption is the best technology for securing data against breaches. However, organizations that decide to move their data to the cloud are often faced with a dilemma when it comes to encryption; their cloud service provider (CSP) maintains access to their encryption keys, and ultimately, their data. For highly regulated industries and organizations storing sensitive data, this can be unsettling and even against compliance regulations.<\/p><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t

\n\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\"\"\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Bring Your Own Key (BYOK), also referred to as Customer Supplied Encryption Keys (CSEK), is a model of encryption\u00a0key management<\/a>\u00a0that enables customers to take full control of their encryption keys when storing data in the cloud. It allows them to use their own encryption key management software to store their encrypted keys outside of the cloud, instead of in the cloud, alongside their data. It enables the separation of lock (i.e. the encryption that the CSP provides) and key (i.e. the digital encryption key you want to store locally). This separation of lock and key is\u00a0considered best practice<\/a>\u00a0when it comes to securing data via encryption.<\/p><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

How Does BYOK Work?<\/strong>
While there are many benefits to storing data in the cloud, one of the main concerns for organizations is security; once their data is in the cloud, it\u2019s no longer in their control. Data stored in the cloud physically resides with the cloud service provider (CSP), rather than with the business that it belongs to.<\/p><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t

\n\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\"\"\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

The concept of BYOK allows an organization to retain control of the keys to their encrypted data, entirely separate from the cloud provider(s) they use to store their data. In order to achieve this, the organization must use a third party to generate keys that encrypt the data encryption keys (DEKs) produced by the CSP\u2019s own key manager. A key generated by a third party and used to encrypt a CSP\u2019s DEK is known as a key encryption key (KEK).<\/p>

The KEK \u2018wraps\u2019 the DEK, ensuring that only the organization, which retains control and ownership of the KEK, can decrypt the DEK, and therefore access the data stored within the CSP. This procedure is sometimes referred to as \u2018key wrapping\u2019.<\/p><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\"\"\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

What Are the Benefits of BYOK?<\/strong>
Implementing a BYOK model of encryption key management delivers several benefits to organizations, including:<\/p><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t

\n\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\"\"\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Control<\/strong>
One of the main concerns for organizations storing data in the cloud is security; once their data is in the cloud, it\u2019s no longer in their control. BYOK enables organizations to reclaim control of their data. It allows for the separation of lock and key, by giving the business the ability to use their own encryption key management software to store their encrypted keys outside of the cloud. This provides organizations with peace of mind, knowing that they are the only ones that can access their sensitive data. It also gives them the ability to revoke encryption keys from certain people and processes that should no longer have access.<\/p>

Ease of Management<\/strong>
Managing hundreds to thousands of encryption keys across multiple different platforms (i.e. datacenter, cloud, multi-cloud) can be complex and overwhelming. By implementing a BYOK encryption model, organizations are able to manage all of their encryption keys from a single platform. It centralizes key management, by providing a unified interface for creating, rotating, and archiving encryption keys. If they have data located within different clouds (i.e. multi-cloud), they\u2019re able to consolidate management of those clouds to one key manager.<\/p>

Compliance<\/strong>
When an organization stores its data and encryption keys in the cloud, they aren\u2019t able to manage their keys as they\u2019d like to — that responsibility falls onto the CSP. Many businesses across different industries are required to adhere to specific regulations when it comes to managing their encryption keys. They have to set up control policies, like key rotation and expiry. When their data and encryption resides in the cloud, it makes it more difficult to keep up on key lifecycle management. They have to rely on the CSPs to keep up with compliance guidelines around key management.<\/p>

StorMagic SvKMS and BYOK<\/strong>
SvKMS is an encryption key management solution that adapts to any environment. It provides organizations with a single platform to manage all of their encryption keys, anywhere. Whether at the edge, datacenter, cloud or multi-cloud, SvKMS delivers enterprise-grade key management features to any encryption workflow.<\/p>

With SvKMS, organizations can enable BYOK, and control their encryption keys from a single platform-agnostic environment outside of the cloud. SvKMS\u2019s BYOK feature provides organizations with more comprehensive key lifecycle management than they\u2019d receive through their CSP, and allows them to deploy specific applications not tied to the CSP’s architecture.\u00a0<\/p>

SvKMS integrates with several different cloud-based platforms and applications, including Microsoft Azure, AWS, Salesforce, OpenStack, and Google Cloud.\u00a0<\/p>

Source: StorMagic: BYOK \u2013 A Beginner\u2019s Guide<\/a><\/p><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"

What is BYOK? Many data security professionals believe that encryption is the best technology for securing data against breaches. However, organizations that decide to move their data to the cloud are often faced with a dilemma when it comes to encryption; their cloud service provider (CSP) maintains access to their encryption keys, and ultimately, their […]<\/p>\n","protected":false},"featured_media":0,"template":"","meta":[],"_links":{"self":[{"href":"https:\/\/www.progreso.com.sg\/newsite\/wp-json\/wp\/v2\/all_news\/4780"}],"collection":[{"href":"https:\/\/www.progreso.com.sg\/newsite\/wp-json\/wp\/v2\/all_news"}],"about":[{"href":"https:\/\/www.progreso.com.sg\/newsite\/wp-json\/wp\/v2\/types\/all_news"}],"version-history":[{"count":5,"href":"https:\/\/www.progreso.com.sg\/newsite\/wp-json\/wp\/v2\/all_news\/4780\/revisions"}],"predecessor-version":[{"id":4792,"href":"https:\/\/www.progreso.com.sg\/newsite\/wp-json\/wp\/v2\/all_news\/4780\/revisions\/4792"}],"wp:attachment":[{"href":"https:\/\/www.progreso.com.sg\/newsite\/wp-json\/wp\/v2\/media?parent=4780"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}