With the ever-increasing adoption of SaaS, PaaS, and IaaS products, a platform security feature known as Bring Your Own Key (BYOK) has garnered attention for its ability to enhance data security and control.
Clumio’s implementation of BYOK offers a compelling case study for its usage. BYOK enables our customers to increase their security control and gain transparency into how and when their data stored within Clumio is read.
However, as with any technology, it’s crucial to weigh the benefits against the potential drawbacks to make an informed decision about using a feature.
Note: The information presented is intended to be general and applicable advice for any SaaS platform; however, it may not apply in all situations. The analysis in this article is based on AWS systems, Key Management Services, and Encryption services. Each situation should take into account the organization’s business objectives and risk tolerance.
Backup data is intended to be an immutable copy that can be resilient to cyber attacks. As part of building systems with strong resilience to cyber attacks, we want to ensure that compromise of an account (or generalized unauthorized access) cannot lead to negative impacts on data integrity and availability.
When using Clumio or other SaaS solutions in the off-the-shelf configuration (i.e., electing to have the service provider manage encryption and associated keys, not using BYOK), you inherently gain an out-of-band set of management controls for your backup encryption keys. This means an attacker who has compromised or gained administrative rights in your primary data environment cannot access or affect the data stored in the SaaS platform, assuming the data is immutable by default, as it is with Clumio.
If you choose to use BYOK, you do not inherit these out-of-band controls. This places a burden on the end user to carefully evaluate how the BYOK key will be managed, and what impact an attack may have if the keys’ confidentiality is compromised.
Let’s examine this in more depth, starting with the advantages of BYOK, then the disadvantages, and finally best practices to mitigate the risk of key compromise when electing to use BYOK.
BYOK offers two significant advantages: a clear audit trail of key usage and the ability to revoke access, rendering data unreadable.
This level of control is crucial for organizations that prioritize self-control of data access and need to meet strict compliance and regulatory requirements. With BYOK, businesses can manage encryption keys according to their policies, providing a layer of transparency that is often demanded in highly regulated industries.
With BYOK you can prove when data was read (decrypted) and compare that to expected actions of your SaaS solution. In the case of Clumio, this means you should only see decryption events when a user initiates the restore of a backup.
Having a detailed audit trail is vital for security audits and compliance. BYOK ensures that every access and operation performed with the encryption key is logged, enabling organizations to monitor and review how data is accessed and by whom. This feature is particularly useful in detecting unauthorized access to data.
In other words, BYOK provides a mechanism to detect unauthorized access to data in a vendor’s environment. This can be used as a compensating control if storing data in a third-party environment makes your security neck hairs stand up.
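The comparison described above, written as an added example (not Clumio's or AWS's code): it checks KMS `Decrypt` events on the BYOK key against the restores users actually started. The record fields follow CloudTrail's layout for KMS events; the key ARN, role names, timestamps and the restore log format are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed placeholders: key ARN, principals and restore log are not from the page.
KEY_ARN = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"
VENDOR_ROLE = "arn:aws:sts::111122223333:assumed-role/ExampleVendorRole/"
OTHER = "arn:aws:sts::111122223333:assumed-role/ExampleAdminRole/alice"


def record(time, name, principal, key=KEY_ARN):
    """Build a constructed record using CloudTrail's field layout for KMS events."""
    return {"eventTime": time, "eventSource": "kms.amazonaws.com",
            "eventName": name, "userIdentity": {"arn": principal},
            "resources": [{"ARN": key}]}


RECORDS = [
    record("2024-05-01T10:02:11Z", "Decrypt", VENDOR_ROLE + "backup"),  # during a restore
    record("2024-05-01T23:40:00Z", "Decrypt", VENDOR_ROLE + "backup"),  # no restore running
    record("2024-05-01T10:05:00Z", "Decrypt", OTHER),                   # unexpected principal
    record("2024-05-01T10:03:00Z", "GenerateDataKey", VENDOR_ROLE + "backup"),  # not a read
]
# Assumed export of user-initiated restores from the backup platform: (start, end).
RESTORES = [("2024-05-01T10:00:00Z", "2024-05-01T10:30:00Z")]


def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")


def unexpected_decrypts(records, restores, key_arn, vendor_role,
                        slack=timedelta(minutes=5)):
    """Return (time, principal, reason) for Decrypt calls no restore explains."""
    windows = [(parse(s) - slack, parse(e) + slack) for s, e in restores]
    findings = []
    for r in records:
        if r.get("eventSource") != "kms.amazonaws.com" or r.get("eventName") != "Decrypt":
            continue
        if key_arn not in [x.get("ARN") for x in r.get("resources", [])]:
            continue  # a different key, out of scope for this check
        when, who = parse(r["eventTime"]), r["userIdentity"]["arn"]
        if not who.startswith(vendor_role):
            findings.append((r["eventTime"], who, "principal is not the vendor role"))
        elif not any(start <= when <= end for start, end in windows):
            findings.append((r["eventTime"], who, "no restore in progress"))
    return findings


if __name__ == "__main__":
    for finding in unexpected_decrypts(RECORDS, RESTORES, KEY_ARN, VENDOR_ROLE):
        print(finding)
```

The `slack` margin absorbs clock skew and restore jobs that start or finish slightly outside the logged window; tune it to how your restore log records times.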
If you’re worried about a potential compromise of your SaaS provider, and therefore a perceived risk to the confidentiality of the data stored with that provider, the ability to revoke access to encryption keys ensures that sensitive data remains secure. This rapid response capability can provide a safe backstop to storing data with third parties.
While BYOK offers enhanced control, it also introduces risks if encryption keys are not adequately protected against threats like rogue employees or advanced persistent threats (APTs). In the case of backups, the integrity of the data could be compromised if keys are deleted or mishandled, undermining the very purpose of data backups as a fail-safe in disaster recovery scenarios.
This is a good reminder that BYOK is only as useful as the user’s ability to protect the keys’ confidentiality.
To address these concerns, organizations must adopt a comprehensive security strategy that includes the following:
The decision to adopt BYOK with any SaaS platform, including Clumio, should be made after carefully considering the balance between enhanced security control and the potential risks associated with key management.
Implementing the recommended security measures can mitigate these risks, ensuring that the integrity of backups remains secure. Ultimately, BYOK’s value lies in its ability to offer organizations greater control over their data security, but this control comes with the responsibility of rigorous key management.