What is Bring Your Own Key (BYOK)?

What is Bring Your Own Key (BYOK)?

Bring Your Own Key (BYOK) allows organizations to encrypt data and have full control of their encryption keys.

Each cloud provider offers to Bring Your Own Key (BYOK), but with varying degrees of support. With client-side encryption, the application is typically responsible for encrypting and decrypting the data before sending and receiving it from the cloud service providers. 

With BYOK, organizations can import their own master key, which the cloud provider stores in the key management system (KMS). If the master keys are stored in an external Key Management System, the cloud provider never gets access to the master key.

The cloud provider protects the data encryption keys (DEKs) by using your master key. The organizations always have a copy of the master key in case it is lost or revoked.