Intro

Domo BYOK is a security tool that gives you complete control of the encryption keys for your Domo instance. It allows you to verify that your data is kept private at all times. In addition, BYOK includes a rolling generation of data encryption keys and a built-in kill switch. You can revoke the encryption key at any time, nullifying all of your data in Domo and ensuring that no one will have access to sensitive data.

How Does it Work?

Domo BYOK is composed of the following three parts:

Encryption Key Management

BYOK supports rotating the encryption keys every hour, which equates to 8,760 rotating keys annually. Domo access to the encrypted key can be revoked at any time, so the data can no longer be accessed.

Kill Switch

Utilizing the kill switch immediately caches and indexes data, rendering it unusable within seconds. This includes data accessed through laptops and mobile devices. To use this feature, first revoke Domo access to Amazon. Then two different Domo Admins must activate the kill switch in their Domo Admin settings.

Activity Logs

If a user chooses to revoke their encryption keys and execute the kill switch, these events are logged in the Domo Activity Log. This allows for immediate confirmation that data is no longer accessible.

How Do I Get This?

To begin using BYOK, speak with your Domo account team.
Note: Be prepared to include your IT team in the process of setting up BYOK.

Prerequisites

  • If you are not on a consumption contract, you must have a Domo Enterprise account. Users on a consumption contract have access to BYOK as long as they meet the remaining prerequisites.
  • An active Amazon Key Management System (KMS) account.
    • Speak with your Domo account team to determine the type of KMS account needed.
  • BYOK is only supported on AWS.
  • You cannot be a federated data customer.