Enterprise-level cloud usage requires strong encryption measures. This is what regulations such as EU-GDPR, EU Standard Contractual Clauses, or Binding Corporate Rules expect from enterprises when they call for “appropriate technical and organizational measures to protect data”. That goes beyond pure encryption: it also covers where encryption keys are stored and managed.
AWS offers a huge portfolio of security services on its platform. For encryption, for example, the Key Management Service (KMS) and Cloud Hardware Security Modules (HSM) are provided as on-platform services. But this convenient approach usually doesn’t meet the requirements of authorities, especially when it comes to workloads for customers in regulated industries or to processing sensitive data. Many cloud users also want to comply with internal guidelines to protect company-internal data. Managing keys on the cloud provider’s platform isn’t sufficient to achieve the desired level of control over data.
We take GDPR compliance very seriously at ITONICS, so when we were researching how to comply with the Schrems II ruling, we started looking for ways to encrypt our data with keys managed inside the EU. We were delighted to be invited to Deutsche Telekom’s Key Management Service beta program to test the integration with several AWS services. The results of these tests were positive, and we are now moving to the implementation phase of the project.