More and more enterprises are offering customer managed keys (CMK), having seen the value in giving control to customers as data privacy regulations spark change.
However, not all CMK solutions are created equal.
We’ve found it increasingly frustrating to hear CMK and its many different names used to describe a variety of architectures, some of which don’t meet the baseline requirement of giving a customer control of their data. It’s time to set the record straight and give you the tools to research and plan for CMK at your own company.
Don’t just take our word for it. We’re not the only ones who think CMK is one of the best data privacy options available to SaaS businesses. As you’ll see in the infographic below, Salesforce, Slack, Box, Rally Software and others have all proven that CMK is both feasible and profitable.
What is CMK?
Customer Managed Keys, or CMK, is a cloud architecture that gives customers ownership of the encryption keys that protect some or all of their data stored in SaaS applications. It is per-tenant encryption where your customers can independently monitor usage of their data and revoke all access to it if desired.
Ownership of keys is one of the key points that differentiates CMK from other similar security architectures. If the customer doesn’t have full ownership of the keys and the SaaS vendor can see or access those keys in any way, that’s not what we call CMK.
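Here is how that ownership, monitoring and revocation can work in code. This is an added example, not IronCore Labs' code or part of the original post: `CustomerKMS`, `vendor_store`, `vendor_read` and the `saas-app` caller name are hypothetical, and wrapping a per-record data key under the customer's master key is one common way to build this, assumed here rather than specified by the post.

```ruby
require 'openssl'

# AES-256-GCM; a sealed blob is nonce || tag || ciphertext.
def seal(key, plaintext)
  c = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  c.key = key
  nonce = c.random_iv
  ct = c.update(plaintext) + c.final
  nonce + c.auth_tag + ct
end

def unseal(key, blob)
  d = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  d.key = key
  d.iv = blob[0, 12]
  d.auth_tag = blob[12, 16]
  d.update(blob[28..-1]) + d.final # raises CipherError if key or data is wrong
end

# Hypothetical key service run by the customer; the vendor never sees @master.
class CustomerKMS
  attr_reader :audit    # customer-visible log of every key request
  attr_writer :revoked  # the customer sets this to cut the vendor off

  def initialize
    @master, @revoked, @audit = OpenSSL::Random.random_bytes(32), false, []
  end

  def wrap(who, dek)
    gate(who, 'wrap') { seal(@master, dek) }
  end
  def unwrap(who, blob)
    gate(who, 'unwrap') { unseal(@master, blob) }
  end

  private def gate(who, op) # log first, then refuse once access is revoked
    @audit << "#{who} #{op} #{@revoked ? 'denied' : 'ok'}"
    raise 'access revoked by customer' if @revoked
    yield
  end
end

# Vendor side: only ciphertext and the wrapped per-record data key are stored.
def vendor_store(kms, plaintext)
  dek = OpenSSL::Random.random_bytes(32)
  { wrapped_dek: kms.wrap('saas-app', dek), data: seal(dek, plaintext) }
end
def vendor_read(kms, record)
  unseal(kms.unwrap('saas-app', record[:wrapped_dek]), record[:data])
end
```

Once the customer sets `revoked`, every stored record becomes unreadable to the vendor without touching the stored data, and the denied request still lands in the customer's audit log.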
Many variations of CMK exist within the industry. Here’s an infographic comparing some of these approaches.
To learn more about the trust models mentioned above, read our recent blog.
Things to Consider When Researching CMK
We’ve talked with a lot of Security Architects, CISOs, CTOs and CEOs about CMK, and here are some of the most common questions they ask.
1. What data privacy regulations do you or your customers need to comply with?
CMK meets the needs of most compliance regimes by giving full audit trails on data access. It can also help with tricky cases like holding EU data post-Schrems II.
Standard contractual clauses and updated privacy policies aren’t a sufficient basis to allow U.S. companies to hold the data of E.U. citizens. New privacy regulations and rulings mean that companies must use technical measures to protect data or else risk lawsuits and fines.
CMK architectures where your customers hold their own keys allow you to hand over data that’s encrypted if a government so compels you. Many thorny regulatory requirements are eased using CMK with customer-held keys.
2. How much effort is it to get started and what are the tradeoffs?
The most important thing to understand about CMK is that it’s not an all-or-nothing approach. There’s a lot of flexibility with CMK to make it what you need it to be based on the requirements of your app. Usually, this means starting with a small subset of data, shipping the feature so your customers get the benefit of data control, and then adding more slices of data later as necessary.
But let’s be real. Encrypting data creates barriers to working with that data and sets up some tradeoffs. But these tradeoffs typically aren’t as big of a deal as many people fear. Here are the most common concerns we hear.
- Performance: Will this slow down our app? Usually not. There is some performance overhead, but if you architect it well, your users won’t notice any difference.
- Analytics: Can we still query on this data? It depends. If the data is in a standard SQL database, then you probably can’t query on the encrypted fields. But with CMK you can decrypt on the server, so you have the option of fetching and post-filtering or summing or whatever it is you need to do. There are also options for finding data such as using search.
- Search: Can I search on an encrypted field? Probably yes, but you may have to change how you do the search so you can keep the data secure and private. IronCore Labs offers an encrypted search feature for our CMK product. Ask us if it’s right for your use case.
- Scope: What do I need to encrypt? You likely need to encrypt things like social security numbers, names, and street addresses. You probably don’t need to encrypt things like preferences and purchase histories and state and country. Start with the most sensitive data and build from there.
3. What will this cost me?
Probably nothing. In most cases, CMK produces large returns in the form of new business, larger customers, and, if you choose to sell it for a premium, new revenue streams from existing customers.
If you add CMK, it’s critical that your product marketing, sales, and renewal teams are out touting it to your customers and prospects. It will make their jobs easier and their commission checks larger.
There are ways of getting started that require almost zero up-front costs and little time. And for bigger changes, it’s better to get a product on the roadmap when your team realizes CMK is a feature your customers will pay a premium for. We cover this more in a blog on Salesforce’s CMK product.
How much does Salesforce charge customers for premium data control like this? They charge 30% on top of the current contract. It’s an expensive feature, but your enterprise customers are willing to pay for premium privacy to protect their data (and their reputation/revenue).
For most data privacy or security features, SaaS vendors have to absorb the cost of implementation and any commercial tools as overhead. CMK is different. This is a premium privacy feature. And it pays for itself.
Let’s Do This Together
With extensive experience in data privacy, enterprise security, and cryptography, we’ve got a team ready to get you started with CMK today. Companies can spend years creating CMK from scratch, but we built the SaaS Shield CMK Kit and SaaS Shield CMK for Amazon S3 products to make life easier for you and better for your customers.
IronCore Labs' CMK solution is perfect to bring extra privacy and control to our customers. They've been a great partner to us.
─ Michele Kubicek
Manager, Product Management, Rally Software
Here’s what your security features could look like with IronCore, with us giving you the tools to create the premium layer of security.
Ready to get started? Let’s talk.