<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1424789497837018&amp;ev=PageView&amp;noscript=1">

Where are your encryption keys and who has control over them?

All entities should ask “Who controls the key?” when using encryption services.

Data breaches have become far too common, and as a result, the world is smartening up in regard to cybersecurity. While organizations have acquired and deployed numerous data protection tools and services, one method stands out from the rest: encryption. In fact, encryption is so powerful when it comes to data security, the United States government is requesting access to encryption keys, which would allow federal agencies to decrypt obscured private information, The New York Times reported.


This recent news highlights an important question that all entities should ask when using encryption services: "Who controls the key?"

"The data owner himself, herself or itself should always handle encryption keys."

In short, the answer to that query should always be the data owner himself, herself or itself, but that is not usually the case. For one, if the government is requesting keys from cloud storage companies, this means that those businesses have access to encryption keys. Likewise, many email, cloud and encryption services hold onto keys as well. According to InformationWeek, even when Google gave customers the power to control their own keys, it noted that the company does hold them "transiently."

Control over encryption keys is vital and no one else should be able to access them, especially in this day and age when hackers can move across systems and onto different networks. As InformationWeek asserted, if users handle their own keys, data can be secure anywhere: in the cloud and on-premise. Therefore, the best encryption services are the ones that put data owners in the driver seat when it comes to encrypting and decrypting, and CloudMask stands out in that regard since the key stays with the user, while the lock is given to colleagues and co-workers. As an added benefit, not even CloudMask will see the key, ever.

Protection Under Breach

With CloudMask, only your authorized parties can decrypt and see your data. Not hackers with your valid password, Not Cloud Providers, Not Government Agencies, and Not even CloudMask can see your protected data. Twenty-six government cybersecurity agencies around the world back these claims.


Watch our video and demo at www.vimeo.com/cloudmask