Cloud consumers face a choice: using the cloud service provider’s (CSP) encryption or bringing their own encryption. Cloud providers make their native encryption offerings as simple as they can. For many providers, the cloud consumer can simply turn on encryption and not bother with the encryption keys. However, keeping the keys secure and separate from the data store is essential to securing the data, because encrypted data can be decrypted if the keys are available. Arguably, securely managing the keys is what digital security is all about.
The cloud is still a young industry, and reliable sources regarding cloud security are few. One we trust for cloud security best practices is the Cloud Security Alliance and their Cloud Controls Matrix, which states, in section EKM-04: "Keys shall not be stored in the cloud (i.e., at the cloud provider in question), but maintained by the cloud consumer or trusted key management provider. Key management and key usage shall be separated duties."
Download this white paper to learn how to secure and manage your encryption keys in a multicloud environment.