Your IT Consultant

Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.

Bring Your Own Encryption Keys to Amazon Web Services

August 15, 2016

If you really want to protect your data AND use cloud services, you need to control your own encryption keys and not entrust them to the cloud provider. The unfortunate reality is that most cloud providers won't let you do that and need to have control of the keys (a.k.a. an encryption backdoor) to provide the service. The good news is that new technologies are being delivered that let end users control their own encryption keys. The latest announcement from Amazon, for its AWS Key Management Service, will give enterprises the benefit of local key management as a service without ceding control of the keys.

As mentioned in InfoWorld, "AWS KMS gives enterprises centralized control over all their encryption keys, so it's easy to encrypt data stored in S3, EBS, RDS, Redshift, and other integrated AWS products. The new feature lets customers import keys from any key management and Hardware Security Module (HSM) solution that supports the RSA PKCS #1 standard and use them with other AWS items and internal applications. It's available in AWS GovCloud for U.S. customers and all commercial AWS regions except China."

This is a great step forward. Cloud services will be more acceptable if the user has control of encryption and doesn't have to give the keys to the kingdom to the service provider.
