Bring Your Own Key (BYOK)

Bring Your Own Key (BYOK) allows users of cloud services to generate, manage, and provide their own cryptographic keys. BYOK offers end-users significant control over their encryption keys, unlike the model where encryption keys are solely generated and managed by the cloud service provider (CSP). This control enables users to avoid potential issues related to key management and access when switching between providers.

With BYOK, users can securely transfer their encryption keys to their CSP, ensuring the protection of their data across various cloud environments, including multi-cloud deployments. This approach enhances data security and governance by allowing organizations to apply their own encryption policies while utilizing cloud resources.

BYOK enables organizations migrating to the cloud to achieve:

• Flexibility, convenience, and cost-effectiveness.
• Strong control of sensitive data and applications.
• Full visibility over the use of your keys in the cloud.
• Highest level of data security, integrity, and trust.

BYOK at Piwik PRO

At Piwik PRO, we see great value in implementing Bring Your Own Key (BYOK), which enables customers to enhance the security of their data.

Piwik PRO has long offered BYOK in the private cloud (dedicated hardware). In the standard setup, private cloud instances are hosted on Piwik PRO’s Azure and/or Orange FE account. Piwik PRO retains a billing relationship with cloud providers.

In 2024, we also decided to implement BYOK for the private cloud (dedicated database), which is available with Orange. In that case, the database is set for each client and encrypted with the client’s key.

Additional reading:

• How to host your analytics: public cloud vs private cloud vs self-hosted
• How To Tell If You Have Secure Cloud Analytics
• Dedicated database – a private cloud that perfectly combines security with cost-effectiveness