Bring Your Own Key (BYOK)

Bring Your Own Key (BYOK) allows users of cloud services to generate, manage, and provide their own cryptographic keys. BYOK offers end-users significant control over their encryption keys, unlike the model where encryption keys are solely generated and managed by the cloud service provider (CSP). This control enables users to avoid potential issues related to key management and access when switching between providers.

With BYOK, users can securely transfer their encryption keys to their CSP, ensuring the protection of their data across various cloud environments, including multi-cloud deployments. This approach enhances data security and governance by allowing organizations to apply their own encryption policies while utilizing cloud resources.

BYOK enables organizations migrating to the cloud to achieve:

  • Flexibility, convenience, and cost-effectiveness.
  • Strong control of sensitive data and applications.
  • Full visibility over the use of your keys in the cloud.
  • Highest level of data security, integrity, and trust.

BYOK at Piwik PRO

At Piwik PRO, we see great value in implementing Bring Your Own Key (BYOK), which enables customers to enhance the security of their data.

Piwik PRO has long offered BYOK in the private cloud (dedicated hardware). In the standard setup, private cloud instances are hosted on Piwik PRO’s Azure and/or Orange FE account. Piwik PRO retains a billing relationship with cloud providers.

In 2024, we also decided to implement BYOK for the private cloud (dedicated database), which is available with Orange. In that case, the database is set for each client and encrypted with the client’s key.

Additional reading:


  • Duga Digital - success story - blog

    How Oxford Online Pharmacy increased data volume by 15% with Duga Digital and server-side Piwik PRO Analytics

    Duga Digital’s success story appears as part of our Partner Spotlight series. Oxford Online Pharmacy (OOP) is a family business going back three generations to 1925. Employing experienced pharmacists and healthcare professionals, OOP is committed to translating the values and heritage of the Oxfordshire-based bricks and mortar chemists, online.

    Read more

  • What is PII, non-PII, and personal data? [UPDATED]

    Personally identifiable information (PII) and personal data are two classifications of data that often confuse organizations that collect, store and analyze such data. Both terms cover common ground, classifying information that could reveal an individual’s identity directly or indirectly. PII is used in the US, but no specific legal document defines it. The legal system…

    Read more