Bring your own encryption

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

Bring your own encryption (BYOE)—also called bring your own key (BYOK)—refers to a cloud computing security marketing model that purports to help cloud service customers to use their own encryption software and manage their own encryption keys.[1] BYOE allows cloud service customers to use a virtualized example of their own encryption software together with the business applications they are hosting in the cloud, in order to encrypt their data. The business applications hosted is then set up such that all its data will be processed by the encryption software, which then writes the ciphertext version of the data to the cloud service provider's physical data store, and readily decrypts ciphertext data upon retrieval requests.[2] This gives the enterprise the perceived control of its own keys and producing its own master key by relying on its own internal hardware security modules (HSM) that is then transmitted to the HSM within the cloud. Data owners may believe their data is secured because the master key lies in the enterprise's HSM and not that of the cloud service provider's.[3] When the data is no longer needed (i.e. when cloud users choose to abandon the cloud service), the keys can simply be deleted. That practice is called crypto-shredding.

See also[edit]

References[edit]

  1. ^ Rouse, Margaret (22 February 2014). "BYOE(Bring Your Own Encryption)". What Is. Retrieved 10 April 2015.
  2. ^ Steve, Wexier (24 March 2014). "Solving Cloud Security Will Open Adoption Floodgates". IT Trends & Analysis. Retrieved 10 April 2015.
  3. ^ Zhang, Hongwen (6 April 2015). "Bring your own encryption: New term in the cloud age". Networks Asia. Retrieved 10 April 2015.