Skip to main content
Touch blog
Hold Your Own Key and alternative encryption methods for customers holding sensitive data

Hold Your Own Key and alternative encryption methods for customers holding sensitive data

Some organisations need to retain full control over their encryption keys when they store sensitive data and communications in order to meet their own internal security requirements.

Any defence mechanism is only as strong as its weakest link. That’s why cryptographic key management is becoming a significant issue for enterprises. Key management is akin to holding the combination to a safe. But it affords no protection if the key (combination) becomes compromised, for example if a malicious actor gains access to it or is able to break the code.

As organisations store increasing volumes of data – at least some of which is likely to be sensitive information such as personal details of employees or customer – there is an ever-growing need for tighter key management throughout the entire lifecycle of the keys.

Encryption strength is key

The US National Institute of Standards and Technology (NIST) sets out guidelines for key management, stating in its Special Publication 800-57: “Ultimately, the security of information protected by cryptography directly depends on the strength of the keys, the effectiveness of the mechanisms and protocols associated with the keys, and the protection afforded the keys… All keys need to be protected against unauthorized substitution and modification. Secret and private keys need to be protected against unauthorized disclosure[1].”

Furthermore, according to a 2019 study by Thales and the Ponemon Institute, which asked

3,300 IT and security leaders from eight countries about the state of cloud security and key management, 48 per cent of all corporate data is held in the cloud. Of those, only 49 per cent are using encryption for sensitive data stored in the cloud, while just 30 per cent had a unified approach for securing access to both cloud and on-premise applications[2].

Storing data in the cloud, however, demands multiple questions:

  • Where is the data stored?
  • Who can access the data?
  • What is the best way to secure the data?

Who controls the keys?

Encryption is the best way to secure data, but that then begs the question: “Who holds the encryption keys?” By default, many cloud providers generate encryption keys for their customers and manage the keys throughout their lifecycle. However, for some organisations, such as those in the financial sector may need to maintain their own encryption keys in order to comply with their own internal security processes.

This has led to the introduction of several alternative approaches. For example, Bring Your Own Key (BYOK) allows organisations to create their own encryption keys that are then handed to the cloud service provider – keys remain encrypted to the provider and so cannot be seen. However, this still requires handing over control of the encrypted data, which may be sensitive, to the service provider, and still might not meet internal security procedures.

Touch supports HYOK and other encryption models

Better still is the Hold Your Own Key (HYOK) method, which allows organisations to keep full control over the generation and management of their own encryption keys. All data is fully encrypted before being sent to the storage facilities and is only decrypted only once it is back on-premise. It means that encryption keys, and therefore sensitive data, are always encrypted, making HYOK perfect for organisations that need to adhere to strict security policies.

That’s why Touch now has included HYOK encryption as an optional addition to our already secure key vault model. Contact us today to discuss your own specific secure call recording requirements.




Explore touch call recording

Touch call recording

Touch achieves important environmental management certification status with Eco-Lighthouse

Widely recognised as a reputable and credible environmental certification, the Eco-Lighthouse scheme is one of the most widely used environmental certification schemes in the country—and is seen by Brussels as equivalent to international schemes, too.

How MNOs can offer an essential value-added service to their business customers - compliance call recording

Mobile network operators can easily add call recording as a value-added service for their enterprise customers, allowing them to target compliance, quality assurance and more. Touch has helped many MNOs to enable a comprehensive, in-network, hosted call recording service to capture new revenue streams.

Sign up today with touch call recording service

Get started with Touch Call Recording Service

Start recording in minutes, not months. Need something specific? Get in touch.

Touch is

Touch Call Recording was recently awarded 'eco-lighthouse' certification, Norway's most widely used certification scheme for enterprises seeking to document their environmental efforts and demonstrate social responsibility.
Eco-lighthouse logo