Key Management as a Service
Cogito Group are experienced Key Management service providers. Since 2011 Cogito Group have offered comprehensive Key Management as a Service options. We can provide BYOK and HYOK, alongside dedicated or shared services, including hardware offerings. Our offerings are designed to reduce organisational cost while improving security posture.
Avoid Vendor Lock-in
Vendor lock-in prevents migration from one cloud provider to another. Without a viable migration option, cloud customers become dependent on their service provider and any subsequent service changes.
Enable Data Sovereignty
Data sovereignty becomes a concern when an organisation in one country sends data to, and stores it in, a separate geographical location. This can become a complex legal issue, particularly in relation to cloud-based service providers.
Costs associated with Key Management, from training staff in niche skill areas to setting up and adopting new systems, can rise into the millions. Cogito’s KMaaS services bring organisations cost-effective agility.
Enable BYOK and HYOK
BYOK allows clients to use keys that do not come from their cloud services vendor. They can generate their own key, or use a third-party key provider. HYOK allows customers to keep their key in an on-premises service and manage all encryption and decryption with their own hardware.
Key Management Explained
Hackers aren’t looking to break your encryption, they want to find your keys.
When data is encrypted, a new key is created. Keys need to be protected to ensure that the means of unlocking your data remains secret.
Data encryption is classified into two types: symmetric and asymmetric. Each term refers to the number of keys used. Symmetric encryption uses one single key to both encrypt and decrypt the data. In asymmetric encryption, a public key encrypts data and a private key decrypts it. The public key can be freely distributed; the private key, however, must be kept very secure.
Key Management is the procedure for protecting keys. It involves identifying who holds the keys, how they are generated, how they are distributed and how they are rotated.
BYOK (Bring Your Own Key) is a method of key management that allows users to retain control of their keys. Best practice for BYOK involves customers generating keys in strong, tamper-resistant hardware security modules. The FIPS 140-2 Level 3 HSM configuration is considered by the National Institute of Standards and Technology to be the most secure.
HYOK (Hold Your Own Key) is a method of key management that allows users to use their own on-premises hardware to perform encryption and decryption activities. Hold Your Own Key ensures that no one has access to your data without your approval.
Critical Components of Key Management Services:
Each key management service may differ slightly in its components. Understanding the differences between these configurations is key to keeping your data safe. They include:
If one company stores both your keys and your encrypted data, it will be able to access that data. It is generally accepted that the providers of keys and of encrypted data should be kept separate, so that neither can access your data on its own.
Policies can be created for encryption keys that allow a company to create, revoke and expire keys, and to remove the ability to share keys and data.
Authentication refers to identifying the user to whom a key is issued, so that only that user can use it.
Authorisation allows users to access only the data assigned to their roles and responsibilities. Best practice is to grant least privilege.
Cogito Group’s Experience
1800 COGITO (264486)
or +61 2 6140 4494
0800 COGITO (264486)
or +64 4909 7580
Auckland | Brisbane | Canberra
London | Melbourne | Sydney
Washington DC | Wellington