Many cloud providers claim to offer encryption of customer data at rest. Some providers claim this means that no one, not even the cloud provider, can read customer data stored in cloud files or cloud apps.
If you use the cloud's built-in encryption (with provider-managed keys), the provider possesses the technical capability to decrypt the data and provide it in response to valid legal requests.
If you use customer-managed keys, the provider still technically holds the keys (for instance, in Azure Key Vault) and thus has the theoretical capability to decrypt unless you explicitly secure the keys externally.
If encryption is done outside the cloud provider (client-side), the cloud provider cannot decrypt your files or databases. This is exactly how the encryption is done if you choose TaskBeat.
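The difference between these models is who can see the key. The following Node.js code is an added example, not TaskBeat's or any provider's code: it models a provider as a plain object (the `makeProviderStore`, `seal`, `open` and upload names are hypothetical) and checks what that provider can recover from the data it stores, using constructed sample data.

```javascript
const crypto = require("node:crypto");

// AES-256-GCM encryption; the result holds no key material.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12); // fresh nonce for every object
  const c = crypto.createCipheriv("aes-256-gcm", key, iv);
  const ciphertext = Buffer.concat([c.update(plaintext, "utf8"), c.final()]);
  return { iv, ciphertext, tag: c.getAuthTag() };
}

// Returns the plaintext, or null if the key is wrong or the blob was altered.
function open(key, blob) {
  try {
    const d = crypto.createDecipheriv("aes-256-gcm", key, blob.iv);
    d.setAuthTag(blob.tag);
    return Buffer.concat([d.update(blob.ciphertext), d.final()]).toString("utf8");
  } catch {
    return null; // GCM authentication failed
  }
}

// Hypothetical provider: everything placed in this object is visible to it.
function makeProviderStore() {
  return { blobs: new Map(), keys: new Map() };
}

// Provider-managed keys, or customer-managed keys kept in the provider's vault:
// the key sits inside the provider's infrastructure next to the data.
function uploadWithProviderHeldKey(store, name, plaintext) {
  const key = crypto.randomBytes(32);
  store.keys.set(name, key);
  store.blobs.set(name, seal(key, plaintext));
}

// Client-side encryption: the key stays with the client, only ciphertext is uploaded.
function uploadClientSide(store, name, plaintext, clientKey) {
  store.blobs.set(name, seal(clientKey, plaintext));
}

// What the provider can decrypt using only what it stores.
function providerCanRead(store, name) {
  const key = store.keys.get(name);
  return key ? open(key, store.blobs.get(name)) : null;
}
```

With a provider-held key, `providerCanRead` returns the plaintext; with client-side encryption it returns `null`, and only the holder of `clientKey` can call `open` successfully.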