Thales Blog

The Cloud Trust Paradox: Keeping Control of Data & Encryption Keys in the Cloud

March 4, 2021

Paul Hampton Paul Hampton | Cloud Security Expert, Thales More About This Author >

Trust is a much-debated topic in cloud security. It is as important as privacy, security and compliance. With customers increasingly being less trusting of how companies store and process their data in the cloud, encrypting this data and controlling the encryption keys is essential for building trust.

“To trust more, you need to trust less”

However, there seems to be a cloud trust paradox: to trust more, you will need to trust less. The less a cloud provider knows or holds about you and your data, the more you trust them. Based on this notion of trust, Google Cloud developed the technology of External Key Manager (EKM), which helps organizations achieve a next level of control over how and when their encryption keys are used to protect and access the users’ encrypted data.

Giving organizations the possibility to manage their keys outside of the cloud platform, not only helps to increase their level of trust, but it is also a great way to mitigate certain threat factors, including:

  • Accidental loss of encryption keys by the provider due to something like a bug or operational issue;
  • Disclosure of keys due to a misconfiguration of native cloud security controls;
  • Mitigation of a disgruntled employee scenario since the employee cannot access the keys; and,
  • Requests by some entities that a cloud provider surrenders the keys to a particular client’s data.

The necessity of keeping encryption keys off the cloud

Besides these security considerations, Google Cloud has identified “three patterns where keeping the keys off the cloud may in fact be truly necessary or outweighs the benefits of cloud-based key management.”

The first scenario concerns extremely sensitive, highly-regulated data, such as healthcare, financial or pharmaceutical. In this case, organizations would prefer for various risk, compliance or policy reasons to maintain this data on-premises. However, this decision could jeopardize other corporate goals. Hence, a more balanced solution would be to migrate the encrypted data to the cloud while retaining full possession of the encryption keys.

The second use case involves the privacy and security regulatory regimes in regions like Europe, India, Japan or Brazil, and sustaining compliance with these requirements. These requirements state or imply that the cloud provider cannot have access to data under any circumstance, which may necessitate not having a way for them to access the encryption keys. The notion of data sovereignty empowers “customers with a mechanism to prevent the provider from accessing their data, approving access only for specific provider behaviors that customers think are necessary.” To comply with these requirements, organizations can still utilize Google Cloud to store their data while keeping their encryption keys in the location of their choice, under their physical and administrative control.

Finally, as Gartner noted, operational efficiency and the need to reduce the number of key management tools is a strong motivation for keeping all keys within one system to cover multiple cloud and on-premises environments. A centralized key management solution reduces complexity and gives the cloud customer the capability to centrally enforce policies around access to keys and hence access to data at rest.

Way ahead

To help organizations benefit from this enhanced level of control, Thales has integrated its CipherTrust Key Broker service with Google Cloud EKM. CipherTrust Key Broker for Google Cloud EKM is available on the Thales Data Protection on Demand platform, and you can learn more about it in the CipherTrust Key Broker for Google Cloud EKM solution brief.

Furthermore, to uncover the cloud trust paradox, join me and Google’s Anton Chuvakin on March 9 for a webinar, “The Cloud Trust Paradox: Keeping Control of Data & Encryption Keys in the Cloud,” where we will discuss how Google and Thales are helping organizations address the cloud trust challenge by exploring use cases where keeping the encryption keys off the cloud may in fact be truly necessary or outweigh the benefits of cloud provider based key management.