Key Control in the Cloud

Security is a frequent topic of discussion as organizations extend to the cloud. Moving to the cloud for even small workloads is logical and inevitable, and so is treating security as a best practice.

Security is often equated with encryption, and when cloud providers provide encryption, well, in many cases they hold or have access to the keys.

Let’s stop and think about this for a second. If having your cloud service provider encrypt your data makes you feel safe, be careful.

What you are effectively doing is giving the cloud service provider (be they regional or a big public cloud) decision-making power over who can decrypt your information, when, and for what reason. This is fine if you trust them, but here are a few things you may want to think about:

  • Government agencies can compel cloud service providers to decrypt and hand over your data for a variety of purposes, without your knowledge or control.
  • You’re at the mercy of the cloud service provider’s systems administrators who may or may not be looking out for everyone’s best interest.
  • Last (and this is not an exhaustive list), there is also the issue of data destruction. Some organizations like to burst out to the cloud, only to burst back into their private data center when things die down. Sometimes, they want to ‘move around’. When it’s time to leave for greener pastures, how can you be assured that the data does not stay in the cloud?

When encrypted data is stored or processed in the cloud, the lock and the keys should be kept separate and the end user should control the keys. At the very least, make sure that you understand the policies and best practices your service provider has in place should that not be the case.
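
Keeping the lock and the keys separate, shown as an added example (not code from the original post or from any product it mentions): data is encrypted on the customer's side under a per-object key, which is in turn wrapped by a key only the customer holds. The function names, the sealed-value layout and the choice of AES-256-GCM are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// All names below are hypothetical; AES-256-GCM is this example's choice.
// Sealed layout: nonce (12 bytes) || auth tag (16 bytes) || ciphertext.
function seal(key, plaintext) {
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), body]);
}

// Throws if the key is wrong or the sealed bytes were altered or truncated.
function open(key, sealed) {
  if (sealed.length < 28) throw new Error('sealed value too short');
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, sealed.subarray(0, 12));
  decipher.setAuthTag(sealed.subarray(12, 28));
  return Buffer.concat([decipher.update(sealed.subarray(28)), decipher.final()]);
}

// Customer side, before upload. The return value is all the provider ever stores.
function encryptForUpload(customerKey, data) {
  const dataKey = crypto.randomBytes(32); // per-object key, never stored in the clear
  return { wrappedKey: seal(customerKey, dataKey), ciphertext: seal(dataKey, data) };
}

// Customer side, after download. Fails without the customer-held key.
function decryptAfterDownload(customerKey, stored) {
  return open(open(customerKey, stored.wrappedKey), stored.ciphertext);
}

// The position of anyone who holds the stored object but not the customer key.
function readableWithKey(stored, candidateKey) {
  try {
    decryptAfterDownload(candidateKey, stored);
    return true;
  } catch {
    return false;
  }
}

// Constructed sample data. Assumption: customerKey lives on premises or in a
// customer-run key manager and is never sent to the provider.
const customerKey = crypto.randomBytes(32);
const stored = encryptForUpload(customerKey, Buffer.from('constructed sample record'));
console.log('owner reads:', decryptAfterDownload(customerKey, stored).toString());
console.log('readable with some other key:', readableWithKey(stored, crypto.randomBytes(32)));
```

Because only `customerKey` can unwrap the per-object keys, destroying it leaves any copies that remain with the provider undecryptable, which bears on the data destruction question raised in the list above.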

In certain use cases, maybe those keys are better managed up there in the cloud. Just make sure you know who has the keys and what needs to be done for anyone other than yourself to access them.




We are very pleased to announce that CloudLink has been acquired by EMC Corporation.  EMC is the leader in delivering solutions that enable the world to store, manage and leverage data.  The EMC Enterprise Hybrid Cloud enables customers to deploy IT as a Service quickly and easily.  CloudLink is an award-winning provider of software-based data security solutions for hybrid clouds.  As part of EMC, CloudLink will empower customers to embrace the hybrid cloud while addressing concerns around data security and sovereignty, and maintaining regulatory compliance.

Since CloudLink turned its focus to cloud security more than four years ago, we have been heartened to witness the exponential growth of private, public and hybrid cloud and honored to help our customers embrace this new paradigm.  Our induction into the EMC Select partner program two years ago was both a privilege and an excellent opportunity for us to develop solutions that truly address customer needs.  We are eager to contribute to the customer value EMC delivers through its industry-leading innovation, service and support.

Above all, we’d like to extend our thanks to our customers, partners and employees, as well as everyone who has helped us evolve and innovate.  We are very excited to join the EMC family and look forward to continuing our joint commitment to making hybrid cloud a success. If you have any immediate questions, please do not hesitate to contact us at


The CloudLink Team
PS Read the story behind the acquisition.