Bring Your Own Encryption


The Cloud Security Alliance emphasizes the importance of shared responsibility in its latest Security Guidance v4.0. Shared responsibility means that Cloud Solution Providers (CSPs) own the responsibility to secure the infrastructure that runs their cloud services. Data owners are responsible for protecting the confidentiality, integrity, and availability of their data in the cloud.

Securing data in the cloud properly requires that data owners own—and can prove that they own—their data, from inception to deletion. That means that data owners—not their cloud provider—must protect their sensitive data by deploying a cloud security ecosystem where data and cryptographic keys are secured and managed, and access is controlled.


For the highest level of data security in the cloud, users should deploy advanced BYOE tools in their cloud environments. Thales TCT offers advanced multi-cloud BYOE tools through CipherTrust Data Security Platform to secure data and rapidly reach compliance.

Compared to the native encryption solutions available from cloud providers, Thales TCT BYOE through CipherTrust Data Security Platform delivers:

  • High-performance AES encryption enhanced by hardware acceleration and granular access control policies, including privileged user access control. BYOE controls who can see specific data, through what process, and at what specified times.
  • An architecture that secures unstructured files, structured databases, and big data environments and also enables users to migrate data between cloud environments and on-premises servers without the time and cost of decryption.
  • The ability to easily add tokenization, format-preserving encryption, or traditional encryption to applications using RESTful APIs or the industry’s most powerful and secure encryption libraries, for additional granular controls and regulatory compliance.
  • BYOE extensions that enable use of data during encryption and rekeying operations with patented Live Data Transformation, or that isolate and secure container environments by creating policy-based encryption zones. BYOE monitors and logs file access to accelerate threat detection, with Security Intelligence Log integration with popular SIEM tools.
  • Simplified key management across on-premises and multi-cloud deployments by centralizing control on CipherTrust Manager.