The AWS cloud is enjoying increasing popularity with its very high levels of scalability, durability, and availability. It releases companies from the burden of 24/7 service and maintenance and is available in many regions, ensuring that data stays in a confined area of jurisdiction. Here we look at how Cryptomathic's AWS BYOK Service can help your business generate and control your own keys for AWS to remain compliant with industry standards, easily auditable, and secure.
Key management and the challenge of data privacy and protection
For simple and non-sensitive data like gaming data or weather data, high levels of data privacy and protection do not play an important role. However, when it comes to sensitive data such as personal identifiable information (PII), privacy and data protection standards become highly important. Many industries have established standards assuring the correct handling of encryption keys for protecting customer data - in-house, and in the cloud.
A key management strategy should be carefully analyzed in a cloud environment for data privacy and protection. Control of the keys is a challenge when companies entrust their data to third parties, as it could make their users' personal data vulnerable to cyber threats. Organizations must also develop governance practices for cloud access to ensure secure authentication, authorization, and auditing processes that meet each organizations' specific needs and compliance requirements.
Cryptomathic’s AWS BYOK Service as warden of data security, privacy and process compliance
Using Cryptomathic’s AWS BYOK Service for cloud key management provides organizations with a secure service rooted on hardware security modules that are under the sole logical control of Cryptomathic. The organizations are enabled to push and manage their own keys and their life cycles. AWS KMS utilizes these keys to encrypt all data used throughout AWS applications and protect it from unciphered access through third parties.
Cryptomathic’s AWS BYOK Service traces all key movements, with time stamps and identity of the users administrating the keys. Cryptomathic’s AWS BYOK service allows for comfortable management of the keys and to keep them in the dedicated area of jurisdiction.
The service allows for comfortable audits, providing the organizations with protection and legal assertion. Including Service Organization Control reports, payment card industry reports as well as certification from many accreditation bodies across areas of jurisdiction.
Payment Card Industry Data Security Standard (PCI DSS) Level 1 compliance
PCI DSS Level 1 compliance is required by entities accessing and handling cardholder data (CHD) or sensitive authentication data (SAD). These entities include merchants, processors, acquirers, issuers, and service providers. Cryptomathic has been a leading provider of key management solutions in the payment card industry for many decades, and is more than familiar with this market’s specific audit requirements.
Federal Information Processing Standard - FIPS 140-2 Level 2 and partially Level 3
FIPS 140-2 is required by several industries with respect to cryptographic modules that handle data at rest and data in motion. Level 2 requires level-tested algorithms, role-based authentication, and tamper-evident physical devices. Its operating system needs to be Common Criteria EAL2 - approved. Level 3 adds the requirement for tamper-resistant devices, a separation of security-critical logical and physical interfaces as well as identity-based authentication. Further it requires private keys leaving or entering the system to be encrypted. The solution is Level 3 compliant for the Cryptographic Module Specification, the Roles, Services, and Authentication, Physical Security, as well as Design Assurance.
Federal Risk and Authorization Management Program (FedRAMP) compliance
FedRAMP compliance is required to provide cloud-based services to the United States - government. The standard requires a strict and non-repudiable procedure for security assessment, authorization, and continuous monitoring for all provided cloud services. The AWS BYOK Service provides all required documentation online automatically and on demand.
Health Insurance Portability and Accountability Act (HIPAA) compliance
HIPAA compliance is required for health service and eHealth providers who have access to and handle sensitive patient data. The requirements include security with respect to physical access, networks, infrastructure, and processes. Substantiation of compliance is automatically available on demand, prepared for an embracive and low-effort audit procedure.
A turn-key BYOK cloud key management service available within minutes
Cryptomathic's AWS BYOK Service provides a 360-degree view of all keys, including key-lifecycle information and user activity for all-embracive audits with minimal effort. It gives legal assertion for service providers working for important but demanding customers. And it can be ramped up within 10 minutes. Try it out for free now!