How Customer Managed Keys (CMK) Impacts Your Data

Sometimes we have assets or personal items we deem too important to store in our homes.

  • Passports
  • Original birth certificates
  • Original marriage licenses
  • Deeds and titles
  • Inventories of your personal possessions
  • Stock and bond certificates
  • Valuable jewelry

So we open up a safety deposit box at a local bank and store everything inside. They come in many sizes and offer security and protection against many things. They are fireproof, flood-proof, and have a reasonable amount of security to protect what’s inside.

Yet your safety deposit box isn’t alone. Depending on the size of your bank, there may be dozens, even hundreds of boxes located in a safe location. In essence, you are sharing space within the bank, and deem it to be safe enough for your worldly possessions.

You’re releasing the safety to the bank, while you maintain full security by keeping an original key. Without the key and proper authority, the contents of your box are inaccessible. You maintain control. And for most of us, we consider those safety and security practices to be viable enough.

Any service hosting customer data works in a very similar manner.

You have content and data that you deem important enough that you choose to store it outside the walls of your business. You trust it to the cloud. You do so by selecting a hosting service and uploading your data into their capable hands.

When you upload information, the data is encrypted, put into a “box” and stored with other “boxes” out on the cloud. Boxes are encrypted individually, and you are given a separate key in order to access the data at will. These keys are known as Customer Managed Keys, or CMK. CMK is where the true power is in keeping your data safe.

It’s also what you should evaluate before you trust a service.

  • Can you log in to the host and manage or suspend the key without the provider's help or knowledge?
  • Does the service provider have software that can compromise and leak the key?
  • Keys are rotated on a regular basis. How does this process work? How long does this process take?

While this is a simplified approach to what happens to your data, it should help you understand the care and consideration you should have before you decide on a service.
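The simplified picture above can be sketched in code. This is an added example, not code from any provider or from this article. It assumes the service uses envelope encryption (each box has its own data key, wrapped under the customer's key), which the article does not state. The `CustomerKey` and `Box` classes are hypothetical, and it uses the third-party Python `cryptography` package.

```python
from cryptography.fernet import Fernet  # third-party "cryptography" package

class CustomerKey:
    """Customer managed key (CMK): versions and on/off state belong to the customer."""
    def __init__(self):
        self.versions = [Fernet.generate_key()]  # newest version last
        self.enabled = True

    def _fernet(self, version):
        if not self.enabled:
            raise PermissionError("CMK is suspended")
        return Fernet(self.versions[version])

    def wrap(self, data_key):
        version = len(self.versions) - 1  # always wrap under the newest version
        return version, self._fernet(version).encrypt(data_key)

    def unwrap(self, version, wrapped):
        return self._fernet(version).decrypt(wrapped)

    def rotate(self):
        self.versions.append(Fernet.generate_key())

class Box:
    """One stored "box": ciphertext plus its own data key, wrapped under the CMK."""
    def __init__(self, cmk, plaintext):
        data_key = Fernet.generate_key()  # a separate key for every box
        self.ciphertext = Fernet(data_key).encrypt(plaintext)
        self.key_version, self.wrapped_key = cmk.wrap(data_key)

    def open(self, cmk):
        data_key = cmk.unwrap(self.key_version, self.wrapped_key)
        return Fernet(data_key).decrypt(self.ciphertext)

    def rewrap(self, cmk):
        # Rotation re-wraps the small data key; the stored ciphertext is untouched.
        data_key = cmk.unwrap(self.key_version, self.wrapped_key)
        self.key_version, self.wrapped_key = cmk.wrap(data_key)

def demo():
    cmk = CustomerKey()
    box = Box(cmk, b"constructed sample record")  # constructed sample data
    stored = box.ciphertext
    cmk.rotate()
    box.rewrap(cmk)
    readable = box.open(cmk) == b"constructed sample record"
    cmk.enabled = False  # the customer suspends the key without the provider
    try:
        box.open(cmk)
        blocked = False
    except PermissionError:
        blocked = True
    return box.key_version, readable and box.ciphertext == stored, blocked
```

Under this assumed design, rotation time scales with the number of boxes rather than the volume of data, and a suspended key makes every box unreadable at once. Both are worth confirming with a provider when asking the questions above.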

Just as banks are conscious of providing a multi-layered approach to ensuring your assets are safe and protected, so too should a cloud service provide a wide array of capabilities, including:

  • A safe and secure storage container for data
  • Secured channels to access data
  • No single entity to own or control the encryption keys
  • Compliance reports and audit trails

It’s your data. And how safe it stays depends on how much due diligence you put into the process of selecting the right service for you.

For IT Strategy, Cloud Conversion, or Help Desk Services reach out to us at Silver Linings Technology 360-450-4759.