*This article was written by Qlik and originally appeared on the Product Innovation blog of Qlik.*
Security and governance are fundamental in Qlik’s mission to provide our customers with world-class enterprise technology that’s safe. We are pleased to announce Customer Managed Keys, advanced data encryption in Qlik Cloud allowing customers to bring their own encryption keys.
As industries transition into cloud infrastructures, each faces its own unique regional or regulatory requirements around data protection and privacy, such as GDPR in Europe or HIPAA for US Healthcare. It’s critical that enterprises can trust that their data is safe when deployed into the cloud. A vital component of that security infrastructure is enhanced data encryption and the use of cryptographic keys.
For customers with higher security requirements, we have released Customer Managed Keys, an additional security offering allowing customers to bring their own encryption service to Qlik Cloud. This empowers the customer to retain full control over their data’s encryption key. If the customer disables access to the encryption key, Qlik Cloud can no longer access the data in that tenant. It’s your data, and your encryption keys.
What is Customer Managed Keys?
Customer Managed Keys is a new security offering in Qlik Cloud which allows customers to bring their own encryption keys (BYOK) to protect the data stored at rest in their Qlik Cloud tenant.
Additional control around data access
Customers may have sensitive data that they do not want Qlik to manage on its own. Customer Managed Keys ensures only the customer has access to the data – not Qlik. If data is encrypted using customer-managed keys and the customer disables access to the encryption key, it is technically impossible for Qlik to decrypt the data without the customer’s consent. The customer keeps full control over the data’s lifecycle.
Qlik’s first implementation of Customer Managed Keys will use AWS Key Management Service (AWS KMS). AWS KMS is a managed service that makes it easy to create and control the cryptographic keys that are used to protect your data. AWS KMS uses hardware security modules (HSMs) to protect and validate your AWS KMS keys under FIPS 140-2.
Technical Diagram of integration with AWS KMS
We strive to support our customers’ navigation through complex regulatory landscapes and enable them to tailor a data security strategy that meets their needs. Customer Managed Keys brings that extra level of trust and security for customers with sensitive data moving into Qlik Cloud.
To watch a walk-through video, see here.
To learn more about deploying Customer Managed Keys in your Qlik Cloud tenant, see here