Key Management as a Service

We can provide BYOK and HYOK, alongside dedicated or shared services including hardware offerings. Our offerings are designed to reduce organisational cost while improving security posture.

Avoid Vendor Lock-in

Vendor lock-in prevents migration from one cloud provider to another. Without a viable migration option, cloud customers become dependent on their service provider and any subsequent service changes.

Enable Data Sovereignty

Data sovereignty refers to the situation in which an organisation in one country sends data to, and stores it in, a separate geographical location. This can become a complex legal issue, particularly where cloud-based service providers are involved.

Reduce Cost

Costs associated with key management can rise into the millions, from training staff in niche skill areas to setting up and adopting new systems. Cogito’s KMaaS services bring organisations cost-effective agility.

Enable BYOK and HYOK

BYOK allows clients to use keys that do not originate from their cloud services vendor: they can generate their own key or use a third-party key provider. HYOK allows customers to keep their key in an on-premises service and perform all encryption and decryption with their own hardware.

Key Management Explained

Hackers aren’t looking to break your encryption – they want to find your keys.

When data is encrypted, a new key is created. Keys need to be protected so that the means of unlocking your data remains secret. Data encryption is classified into two types, symmetric and asymmetric; each term refers to the number of keys used. Symmetric encryption uses one single key to encrypt and decrypt the data. In asymmetric encryption, a public key encrypts data and a private key decrypts it. The public key can be freely distributed, but the private key must be kept very secure. Key management is the procedure of protecting keys; it involves identifying who holds the keys, how they are generated, how they are distributed, and how they are rotated.
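The paragraph above describes symmetric and asymmetric keys and names rotation as part of key management. The following Go program is an added illustration written for this page, not Cogito's code or any product's API: it combines the two key types in the envelope pattern that BYOK and HYOK deployments rely on. Bulk data is encrypted under a fresh symmetric data-encryption key (DEK, AES-256-GCM); the DEK is then wrapped under an asymmetric key-encryption key (KEK, RSA-OAEP) whose private half the customer keeps. Rotating the KEK only re-wraps the small DEK, so the stored ciphertext never has to be re-encrypted. The function names, the `Envelope` struct and the sample record are assumptions made for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Envelope is what a cloud provider would hold on the customer's behalf:
// the bulk ciphertext, its nonce, and the data key wrapped under the
// customer-controlled key-encryption key. The plaintext DEK is never stored.
type Envelope struct {
	Ciphertext []byte // AES-GCM output (ciphertext plus authentication tag)
	Nonce      []byte // 96-bit GCM nonce, unique per DEK
	WrappedDEK []byte // DEK encrypted with RSA-OAEP under the customer's KEK
}

// newGCM builds an AES-256-GCM instance for a 32-byte data key.
func newGCM(dek []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(dek)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts plaintext under a fresh random symmetric key (the DEK), then
// wraps that DEK with the customer's asymmetric public key (the KEK).
func Seal(kek *rsa.PublicKey, plaintext []byte) (*Envelope, error) {
	dek := make([]byte, 32)
	if _, err := rand.Read(dek); err != nil {
		return nil, err
	}
	gcm, err := newGCM(dek)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, kek, dek, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{
		Ciphertext: gcm.Seal(nil, nonce, plaintext, nil),
		Nonce:      nonce,
		WrappedDEK: wrapped,
	}, nil
}

// Open recovers the DEK with the customer's private KEK, then decrypts.
// Without that private key the provider's copy of the data stays unreadable.
func Open(kek *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	dek, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, kek, env.WrappedDEK, nil)
	if err != nil {
		return nil, fmt.Errorf("unwrap DEK: %w", err)
	}
	gcm, err := newGCM(dek)
	if err != nil {
		return nil, err
	}
	pt, err := gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
	if err != nil {
		// GCM authentication also fails here if the stored ciphertext was altered.
		return nil, fmt.Errorf("decrypt: %w", err)
	}
	return pt, nil
}

// Rewrap rotates the KEK: the DEK is unwrapped with the old private key and
// wrapped again under the new public key. The bulk ciphertext is untouched,
// so rotation costs one small RSA operation instead of re-encrypting all data.
func Rewrap(oldKEK *rsa.PrivateKey, newKEK *rsa.PublicKey, env *Envelope) (*Envelope, error) {
	dek, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, oldKEK, env.WrappedDEK, nil)
	if err != nil {
		return nil, fmt.Errorf("unwrap DEK: %w", err)
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, newKEK, dek, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{Ciphertext: env.Ciphertext, Nonce: env.Nonce, WrappedDEK: wrapped}, nil
}

func main() {
	// Constructed demo: the customer generates the KEK in software here; an
	// HYOK deployment would keep this private key inside an on-premises HSM.
	kek, _ := rsa.GenerateKey(rand.Reader, 2048)
	env, _ := Seal(&kek.PublicKey, []byte("constructed sample record"))
	pt, err := Open(kek, env)
	fmt.Printf("decrypted: %q (err=%v)\n", pt, err)
}
```

The split matters for the "they want to find your keys" point: the provider holds only `Envelope`, and the one secret that unlocks it is the private KEK, which is exactly the object a key management service exists to protect.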


Hold Your Own Key

HYOK (Hold Your Own Key) is a method of key management that allows users to perform encryption and decryption on their own on-premises hardware. Hold Your Own Key ensures that no one has access to your data without your approval.

Bring Your Own Key

BYOK (Bring Your Own Key) is a method of key management that allows users to retain control of their keys. Best practice for BYOK involves customers generating keys in strong, tamper-resistant hardware security modules (HSMs). The FIPS 140-2 Level 3 HSM configuration is considered by the National Institute of Standards and Technology to be the most secure.

Critical Components

Each key management service is configured slightly differently; the critical components include:

Key Storage

If a company stores both your encrypted keys and your encrypted data, it will be able to access that data. It is generally accepted that the providers holding your encrypted keys and your encrypted data should be kept separate, so that neither can access your data.

Policy Management

Policies can be created for encryption keys that allow a company to create, revoke and expire keys, and to remove the ability to share keys and data.

Authentication


Authorisation

Authorisation allows users to access only the data assigned to their roles and responsibilities. Best practice is to grant least privilege.
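The Policy Management and Authorisation components above are described in terms of what a policy can do (create, revoke, expire, withdraw sharing) and the least-privilege rule for who may use a key. The Go program below is an added example written for this page, not Cogito's policy engine or any vendor's API, showing how those two ideas combine in a deny-by-default evaluator: key lifecycle state is checked before role permissions, unknown roles and unlisted operations are refused, and sharing can only delegate rights the sharer already holds, so it can never widen access. Role names, the operation set and the key ID are constructed for the illustration.

```go
package main

import (
	"fmt"
	"time"
)

// Operation is one action a principal may perform with a managed key.
type Operation string

const (
	OpEncrypt Operation = "encrypt"
	OpDecrypt Operation = "decrypt"
	OpRotate  Operation = "rotate"
	OpRevoke  Operation = "revoke"
)

// Key carries the lifecycle state a policy engine checks before any use.
type Key struct {
	ID        string
	Revoked   bool
	Expires   time.Time // zero value means the key never expires
	Shareable bool      // false once the owner has removed the ability to share
}

// Policy maps a role to the operations it may perform on a key. Anything not
// listed is denied: deny-by-default is how least privilege is enforced.
type Policy struct {
	Grants map[string]map[Operation]bool
}

func NewPolicy() *Policy { return &Policy{Grants: map[string]map[Operation]bool{}} }

// Grant gives role the listed operations.
func (p *Policy) Grant(role string, ops ...Operation) {
	if p.Grants[role] == nil {
		p.Grants[role] = map[Operation]bool{}
	}
	for _, op := range ops {
		p.Grants[role][op] = true
	}
}

// Authorise decides whether role may perform op on key at time now. Key state
// is checked first, so a revoked or expired key is unusable even by a role that
// holds every operation.
func (p *Policy) Authorise(role string, key *Key, op Operation, now time.Time) error {
	switch {
	case key.Revoked:
		return fmt.Errorf("key %s is revoked", key.ID)
	case !key.Expires.IsZero() && now.After(key.Expires):
		return fmt.Errorf("key %s expired at %s", key.ID, key.Expires.UTC().Format(time.RFC3339))
	case !p.Grants[role][op]: // nil map for an unknown role also reads as false
		return fmt.Errorf("role %q is not permitted to %s key %s", role, op, key.ID)
	}
	return nil
}

// Share lets `from` delegate some of its own rights on key to `to`. Delegation
// is capped at the delegator's rights, so sharing cannot escalate privilege.
func (p *Policy) Share(from, to string, key *Key, ops ...Operation) error {
	if !key.Shareable {
		return fmt.Errorf("sharing of key %s has been disabled", key.ID)
	}
	for _, op := range ops {
		if !p.Grants[from][op] {
			return fmt.Errorf("%q cannot share %s: it does not hold that right", from, op)
		}
	}
	p.Grant(to, ops...)
	return nil
}

func main() {
	// Constructed demo data; the roles and key ID are invented for illustration.
	p := NewPolicy()
	p.Grant("payments-service", OpEncrypt, OpDecrypt)
	p.Grant("key-custodian", OpRotate, OpRevoke)
	now := time.Now()
	k := &Key{ID: "demo-key-01", Expires: now.Add(24 * time.Hour), Shareable: true}
	fmt.Println(p.Authorise("payments-service", k, OpDecrypt, now))       // allowed
	fmt.Println(p.Authorise("payments-service", k, OpRevoke, now))        // denied: not granted
	fmt.Println(p.Share("payments-service", "reporting", k, OpRotate))    // denied: cannot delegate rotate
	k.Revoked = true
	fmt.Println(p.Authorise("key-custodian", k, OpRotate, now))           // denied: key revoked
}
```

Ordering the checks so that key state comes before role lookup is deliberate: revocation and expiry are the owner's emergency controls, and they must hold regardless of what any role was granted earlier.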

Our Experience