In this series, we have addressed cloud security at a high level, but now it’s time to dive deeper to discuss specifics about topics at the top of every CIO’s mind: encryption management in the cloud and Bring Your Own Key (BYOK) solutions. At Domo, these topics are at the top of the most common enterprise security requests we hear from customers.
Legacy cloud providers typically retain the power over their customers’ encryption keys, an approach that is head-scratching at best in today’s world where security is a top concern. This model is the equivalent of a vendor having the key to the front door of your home, and you don’t.
Customers own their own data and should be able to own and protect their encryption keys, according to their own internal requirements. Without command of encryption keys, many enterprises cannot ensure their organizations fall in line with the regulations, policies, and/or procedures governing their industry. Their only choice is to blindly trust their cloud vendors to comply with these rules, adding layers of unnecessary risk to the state of their security.
The good news is that new technology is now empowering organizations to take back control.
Transparency-minded cloud vendors have begun providing customers with complete command of their data through encryption key management and kill switches. We offer this through Domo BYOK a security partnership model that puts our customers in the co-pilot chair as the controller of their own data while Domo acts as the processor. Domo BYOK also creates unique keys for data that can be rotated every hour, as opposed to the industry average of once per year. Organizations can revoke these encryption keys at any time, nullifying all data in Domo and ensuring only the right people have access to sensitive information.
Cloud vendors who use a BYOK model can significantly reduce the concern of companies in highly-regulated industries by giving them full transparency and complete access to their encryption keys. Additionally, kill switches provide organizations’ with peace of mind regarding their in-memory data, allowing cloud customers to remotely delete any residual data in memory if a key is compromised. For example, in Domo, two authorized administrators can execute the kill switch by logging into their instance separately, activating the kill switch, and rendering data in caches and indexes unusable in seconds. Instantly, the data is dropped and the customer’s activity logs record the event.
In an age where regulations around data privacy and cybersecurity continue to mount, cutting-edge security features are becoming more critical to ensure full control and transparency for organizations. As you continue to adopt and evaluate enterprise cloud solutions, don’t overlook the importance of robust, flexible customer-owned encryption key management.