Companies who use Amazon Web Services (AWS) often choose to do so because of its scalability, ease of use and lower costs than other services or hosting their own data centers. However, it could bring a challenge for those in the EU who need to remain compliant with Schrems II to protect their data. Here we discuss the compliance challenges facing EU companies using AWS to host data and how Cryptomathic’s Bring Your Own Key (BYOK) Service can provide Schrems II compliance for AWS-hosted data.
Keeping data safe in the Cloud has always been a concern for users, hence the need for encrypting data. With more businesses taking advantage of what the cloud has to offer with cloud-based services, there has been increased focus on who should manage the keys used to encrypt and decrypt data.
This article takes a look at how Cryptomathic’s AWS BYOK Service can provide better control and auditability of key encryption keys for the Amazon Simple Storage Service (Amazon S3).
Many industries, including banking, finance and healthcare are required to comply with data security standards under regulations like SOC, NIST, PCI, GDPR or HIPAA. Such industries can be subject to costly penalties if they are unable to prove their compliance in the event of a security breach.
Here we look at what it means to “bring your own key”, “control your own key” and “hold your own key” and what the differences are between these three methods for protecting business-critical cryptographic keys used to encrypt data in the cloud.
Microsoft’s Azure Key Vault Managed HSM allows customers to safeguard their cryptographic keys for their cloud applications and be standards-compliant. It is a highly available, fully managed, single-tenant cloud service that uses FIPS 140-2 Level 3 validated hardware security modules (HSMs). Here we will discuss the reasons why customers who have a centrally managed key management system on-premises in their data center should use a hosted HSM for managing their keys in the MS Azure Key Vault.
Bring your own key (BYOK) is a popular term relating to key management for cloud applications. However, a lack of standardization makes it confusing to understand the various meanings that exist under bring your own key. To help understand this, the Cloud Security Alliance (CSA) in its document “Key Management in Cloud Services” has been helpful in describing the various meanings and concepts surrounding “Bring Your Own Key.”
In response to changing and more dynamic market demands, banks and financial institutions are turning into financial service platforms. They increase the extent of their digital transformations across the hybrid cloud, guided by three motivating factors:
This article explores the concept of financial service platforms and aligns resulting business (process) goals with the necessary crypto architecture. We have a particular look at the integration of MS Dynamics and MS Azure, as it is a rapidly growing service extension platform for many banks.
This article explores how Cryptomathic CKMS combines BYOK for the MS Azure Key Vault with banking-grade key lifecycle management; to address the concerns banks have regarding key management in the public cloud.
