Bring your own encryption, or BYOE, is a relatively new cloud computing security model that is providing companies with a new way to address data storage security concerns in a cloud-based environment. Above all, this new trend is encouraging decision makers to put security as high on the agenda for the Aalways-on business as other business-critical technologies such as cloud computing and virtualisation.
The BYOE security model gives cloud customers complete control over the encryption of their data, and enables them to use a virtualized example of their own encryption software together with the applications they are hosting in the cloud to encrypt their data. This can be done with ease, and at the same time cloud providers are able to find innovative ways to let users manage their encryption keys.
Up to now, questions around data sovereignty drove the majority of decisions around moving to the cloud. After all, having corporate data subject to the laws of the country in which it is located has created additional challenges for CIOs all over the world. With BYOE, it does not matter where organisational data resides as the company has its own encryption keys.
The BYOE paradigm places the onus on the business to encrypt the data locally before storing it offshore. Given the connectedness of the world, and the extent to which people access back-end corporate data using a myriad of devices irrespective of location, this is an especially empowering way of going about security.
It is also a great way of diversifying the backup strategy of an organisation. Not only does it mean there are local and off-site copies available, it also provides decision-makers with the added peace of mind that the data is secure from prying eyes.
Of course, this does not mean companies should embark on a mass exodus and migrate to international solutions providers if it’s not right for them. Instead, BYOE gives companies the option and flexibility to use local cloud providers as their primary option and offshore data centres as additional backups once the data is encrypted.
Lost my keys!?
When it comes to this model, one of the biggest concerns is what happens if the encryption key is lost? After all, encryption is theoretically a single point of failure that could see all corporate data lost. There are ways to address this however. As an example, Veeam has implemented a feature that can generate a new encryption key for the company on request. This is done once certain elements have been verified and provides customers with a fail-safe solution around encryption.
It is important to note that using BYOE does not mean there is an inherent distrust towards cloud providers and their ability to store data. Rather, it is about securing corporate information as effectively as possible using all the options available to meet regulatory requirements. Bring your own encryption can even help build trust with partnered vendors. If a corporate company relies on a service provider who understands its unique requirements, the best way to enhance the relationship is to integrate BYOE.
The always-on business requires an environment that is conducive to innovation and leveraging the best technologies for the needs of the business. BYOE supplements that from a security perspective and ultimately allows businesses to confidently transition their IT operations into the cloud.
Mike Resseler is senior product strategy manager at Veeam.