
Bring your own encryption

From Wikipedia, the free encyclopedia

Bring your own encryption (BYOE), also known as bring your own key (BYOK), is a cloud computing security marketing model that aims to help cloud service customers use their own encryption software and manage their own encryption keys.[1] BYOE allows cloud service customers to run a virtual instance of their own encryption software alongside the business applications they host in the cloud in order to encrypt their data.[2] The hosted business applications are then set up so that all their data is processed by the encryption software, which writes the ciphertext version of the data to the cloud service provider's physical data store and readily decrypts ciphertext on retrieval requests.[3] This gives the enterprise perceived control of its keys: it produces its own master key using its own internal hardware security modules (HSMs), and that key is then transmitted to the HSM within the cloud. Data owners may believe their data is secured because the master key lies in the enterprise's HSM and not that of the cloud service provider.[4] When the data is no longer needed (i.e. when cloud users choose to abandon the cloud service), the keys can simply be deleted to render data encrypted with those keys permanently inaccessible. This practice is called crypto-shredding.
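The write path and crypto-shredding described above, sketched as an added example (not code from the article, its sources or any vendor). It assumes Node.js's built-in `crypto` module, AES-256-GCM, and a per-record data key wrapped by the customer's master key; `CustomerKeys`, `providerStore` and the record names are hypothetical.

```javascript
const { randomBytes, createCipheriv, createDecipheriv } = require("crypto");

// seal: AES-256-GCM under a 32-byte key; returns nonce(12) || tag(16) || ciphertext.
function seal(key, plaintext) {
  const nonce = randomBytes(12);
  const c = createCipheriv("aes-256-gcm", key, nonce);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), ct]);
}

// open: reverses seal; throws if the key is wrong or the blob was altered.
function open(key, blob) {
  const d = createDecipheriv("aes-256-gcm", key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

// Customer side (assumed design): the master key lives only here and wraps a
// fresh data key per record, so the provider stores nothing it can decrypt.
class CustomerKeys {
  constructor() { this.master = randomBytes(32); }
  protect(text) {
    const dek = randomBytes(32);
    const rec = { wrappedKey: seal(this.master, dek), data: seal(dek, Buffer.from(text)) };
    dek.fill(0); // the plaintext data key is not kept after use
    return rec;
  }
  reveal(rec) {
    if (!this.master) throw new Error("master key destroyed");
    return open(open(this.master, rec.wrappedKey), rec.data).toString();
  }
  // Crypto-shredding: overwrite this copy of the master key, then drop it.
  shred() { this.master.fill(0); this.master = null; }
}

// Constructed demo: providerStore stands in for the cloud provider's data store.
function demo() {
  const keys = new CustomerKeys();
  const providerStore = new Map();
  providerStore.set("rec-1", keys.protect("constructed record A"));
  providerStore.set("rec-2", keys.protect("constructed record B"));
  const before = keys.reveal(providerStore.get("rec-1"));
  keys.shred();
  let after;
  try { after = keys.reveal(providerStore.get("rec-2")); } catch (e) { after = e.message; }
  return { before, after, stillStored: providerStore.size };
}

console.log(demo());
```

Shredding only holds if every copy of the master key is destroyed, including backups and any copy transmitted to a provider-side HSM.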


By using its own keys, an organization can securely store data with unique encryption that no other party has access to.[5] This can allow multiple organizations to share the same hardware infrastructure via cloud services like Amazon Web Services (AWS) or Google Cloud while maintaining encryption to comply with HIPAA or similar standards.


With multiple users sharing the same hardware and each using their own encryption, resource utilization can be higher than with traditional encryption practices. While it may be possible to minimize this issue, doing so may hinder the security benefits.[6]

References


  1. Rouse, Margaret (22 February 2014). "BYOE(Bring Your Own Encryption)". What Is. Retrieved 10 April 2015.
  2. "Control of Your Cloud Data Encryption with Bring Your Own Encryption (BYOE)". parachute.cloud. 21 September 2021. Retrieved 25 December 2023.
  3. Steve, Wexier (24 March 2014). "Solving Cloud Security Will Open Adoption Floodgates". IT Trends & Analysis. Archived from the original on 20 April 2015. Retrieved 10 April 2015.
  4. Zhang, Hongwen (6 April 2015). "Bring your own encryption: New term in the cloud age". Networks Asia. Archived from the original on 14 August 2017. Retrieved 10 April 2015.
  5. "Bring Your Own Encryption to the Public Cloud". Thales Group. Retrieved 22 May 2024.
  6. "THE RIGHT WAY TO THINK ABOUT BRING YOUR OWN KEY ENCRYPTION". Antimatter. Retrieved 22 May 2024.