In a drive to streamline processes and improve cost efficiency, organizations are entrusting an ever-increasing amount of sensitive data to public cloud providers. To avoid cloud security risks, organizations need firm control over key management and smarter strategies for controlling their cloud data.
Indeed, a majority of organizations are now using multiple cloud services, with recent research from Gartner confirming that 81 per cent of public cloud users have two or more providers.
Despite the clear benefits of migrating to the cloud, organizations also face some increased risk as they lose control of how their data is secured.
This is exacerbated when sensitive information is fragmented across several different providers, because businesses have little oversight of how it is being secured and handled across all the environments they use. The increased reliance on third parties raises questions about data security solutions.
As such, businesses have had no option other than to trust that their cloud providers are protecting their information adequately.
Third Party Risk
Clearly this is far from ideal, particularly with increasing pressure from regulators concerning how the data held by third parties is protected.
For example, both the GDPR and the CCPA can penalize a business for a breach that occurs through a third party if the data was not properly secured with a range of data security measures, including encryption and key management.
Further, under the PCI DSS regulations, firms that deal with card payments must store these details in a different cloud from the one that holds their cryptographic keys, in case of a breach.
In 2024, according to the SecurityScorecard 2025 Global Third-Party Breach Report, at least 35.5% of all data breaches originated from third-party compromises, a 6.5% increase on the previous year. The numbers confirm the rising risk associated with third-party vendors.
Yet if organizations can adopt a centralized key management solution, they can enjoy all the advantages of using public cloud services while ensuring the safety of their data by generating and centrally managing their own encryption keys.
Bring Your Own
In an attempt to address customer concerns about security and control, many cloud providers offer a Bring Your Own Key (BYOK) interface, through which organizations can generate and manage their own encryption keys.
In reality, however, users gain little control, because the keys have to be exported into the cloud provider’s key management system (KMS).
Where businesses use several different cloud providers as well as on-premise environments, they will have multiple KMSs to monitor, which makes oversight complex and costly and leaves them exposed to a greater security risk from untrusted cloud administrators.
To mitigate these issues of control and oversight, many key management vendors now offer Bring Your Own Key Management System (BYOKMS) services, which enable users to create, manage, and store their own encryption keys off-platform, i.e., independently of the cloud provider.
Centralized Cloud Control
There are many benefits to taking back control of cryptographic keys from cloud providers through BYOKMS.
Firstly, organizations can store their keys in a data center of their choice and then control who can access the information, rather than leaving that decision in the hands of cloud providers. This is genuine cloud data control.
It also means that, with an external key management solution, businesses can add extra security to exert greater control over their data, such as setting parameters for where and when data can be accessed, and by whom.
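As an added illustration of the BYOKMS model described above and of the access control it enables at the key level (example code, not from the original article or any vendor's product): a hypothetical external key manager keeps the key-encryption key (KEK) off-platform, hands the cloud only envelope-encrypted records together with wrapped data keys, and enforces the owner's access policy whenever a data key must be unwrapped. The class and method names and the principal names are assumptions.

```ruby
require 'openssl'
require 'securerandom'

# ExternalKMS is a hypothetical BYOKMS key manager, not any vendor's API: the
# KEK never leaves it, so the cloud provider only ever stores wrapped data keys.
class ExternalKMS
  attr_reader :audit

  def initialize(allowed)
    @kek = SecureRandom.random_bytes(32) # AES-256 key-encryption key, off-platform
    @allowed = allowed                   # owner's policy: principals that may unwrap
    @audit = []                          # every unwrap request, allowed or denied
  end

  # Envelope encryption: a fresh DEK encrypts the record, the KEK wraps the DEK,
  # and only ciphertext plus wrapped DEK are handed to the cloud provider.
  def encrypt_for_cloud(plaintext)
    dek = SecureRandom.random_bytes(32)
    [aead_seal(dek, plaintext), aead_seal(@kek, dek)]
  end

  # The DEK is released only if the owner's policy allows the principal, so the
  # key owner, not a cloud administrator, decides who can read the record.
  def decrypt_from_cloud(principal, ciphertext, wrapped_dek)
    unless @allowed.include?(principal)
      @audit << "DENY #{principal}"
      raise "policy denies unwrap for #{principal}"
    end
    @audit << "ALLOW #{principal}"
    aead_open(aead_open(@kek, wrapped_dek), ciphertext)
  end

  private
  # AES-256-GCM; blob layout is nonce (12 bytes) || ciphertext || tag (16 bytes).
  def aead_seal(key, plaintext)
    c = OpenSSL::Cipher.new('aes-256-gcm').encrypt
    c.key = key
    nonce = c.random_iv
    nonce + c.update(plaintext) + c.final + c.auth_tag
  end

  def aead_open(key, blob)
    raise 'blob too short' if blob.bytesize < 28
    c = OpenSSL::Cipher.new('aes-256-gcm').decrypt
    c.key = key
    c.iv = blob[0, 12]
    c.auth_tag = blob[-16..]
    c.update(blob[12...-16]) + c.final # CipherError if tampered or wrong key
  end
end
```

The audit trail is what lets the key owner show regulators who was granted or refused access to a data key, independently of whatever the cloud provider logs.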
BYOKMS also supports a centralized system for managing cryptographic keys and certificates across all of an organization’s IT environments, whether public, hybrid, private cloud, or on-premises.
This reduces the cost, the resource demands, and the complexity of keeping track of multiple key management systems.
Additionally, the central storage, oversight, and control of encryption and key management used across all environments enables businesses to more easily demonstrate to regulators that they are complying with their data security demands.
Indeed, firms that take card payments and are following the BYOKMS approach will be able to store these financial details in the cloud without falling foul of the PCI DSS.
Wherever a business stores sensitive data and however it is used, a system must be in place to ensure that it is protected at all times. Having complete oversight and control of encryption and key management is the most effective way of ensuring that data is safe in all environments.