Knute Moves Sensitive Content to the Cloud. But Does He Control the Encryption Keys?
Cloud adoption remains a critical focus and priority for many organizations. As information, applications, and other assets move to the cloud, encryption of the data—both in transit and at rest—is a requisite for organizations seeking to protect it from malicious actors. The cloud is transformative, reducing costs, improving efficiencies, providing flexibility and speed to market, and opening new revenue opportunities. When organizations move applications, data, and other IT assets and functions to the cloud, key encryption is co-managed in many instances. Ownership of the keys is jointly held by end-customers and the cloud provider.
The problem is that law enforcement and security agencies, lawyers, and other entities can bypass the end-customer and subpoena cloud providers for a customer’s encryption keys and they must oblige. Knute, the Noncompliance Numbat, embraced the cloud and heralds the newfound benefits of his movement of certain applications and data to the cloud to CEO Cecil. After assuring Cecil that all their data is private and will remain that way, he discovers that isn’t necessarily the case with co-managed encryption keys.