Mirza Salihagic l Jul 27, 2023 l Data Protection, Cloud Security

Why Bring Your Own Encryption Is Taking the Public Cloud by Storm

The public cloud is transforming the way global businesses operate. As the driving force behind the latest wave of post-pandemic digital transformation, the market is forecast to grow by nearly 22% in 2023 to reach $597bn, according to Gartner. The agility, cost efficiencies and scalability public cloud offers makes it an obvious choice for many organizations.

However, these benefits also come at a price. Cloud customers might find the data they migrate to cloud platforms at greater risk of breaches, leaks and other threats. Relying on the cloud provider (CSP)’s own tools won’t always cut it. That’s why organizations are increasingly turning to Bring Your Own Encryption (BYOE) offerings.

In the engine room

If data is the fuel that powers the modern business, the public cloud is its engine room. It’s estimated that 120 zettabytes of data will be created, captured, copied, and consumed worldwide this year. And much of this will end up in the cloud—in business and customer-facing applications, databases, storage infrastructure, backups and more.

The challenge is the complexity this creates. The vast majority (72%) of organizations today run hybrid cloud environments, and even more (87%) have embraced multi-cloud. When data is distributed across diverse environments like this it can be difficult to track and secure, although this is increasingly vital due to:

  • Surging threat levels: US data breaches are on track to hit another record this year. They’ve been driven by ransomware activity which increasingly features a data theft element. One estimate claims attacks surged 74% between Q1 and Q2 2023
  • The growing cost of data breaches: The most recent estimates put this at a record high of $4.45m per breach globally, rising to $9.5m in the US and $10.9m in the healthcare sector
  • Increasingly rigorous regulatory requirements: Including the GDPR and CCPA and other state-level data protection laws in the US

Against this backdrop, there are understandable concerns that CSP data protection solutions are not adequate on their own to mitigate data security and compliance risk across disparate public cloud environments. It’s unsurprising that security is the number two cloud challenge for global organizations after spend management, cited by 79%.


In this context, BYOE is an increasingly popular option. The model is a simple one: the public cloud customer uses their preferred encryption solution, instead of or in addition to one offered natively by the CSP. It means that the generation of encryption keys and tokenization secrets are 100% in the control of the customer, so only protected data is ever allowed into the public cloud.

The benefits are numerous. They include:

Consistency across clouds: Choosing to invest in multiple CSP-delivered security solutions can create inconsistencies and coverage gaps. A single BYOE solution helps to deliver a single, unified strategy.

Data utility: If using format-preserving encryption (FPE) or tokenization in their BYOE offering, organizations have the added bonus of being able to use sensitive data without any risk of it being compromised. Data teams may otherwise be left frustrated by compliance requirements effectively preventing them from using data in business growth projects like cloud-powered analytics.

Extra security and control: Data is protected before it leaves the customer premises, adding extra security. The customer also has complete control over who can access and view the decrypted data in the cloud, enhancing control.

Portability: A single BYOE solution used across multiple cloud environments means organizations have greater flexibility to migrate data across multi- and hybrid cloud environments, whilst maintaining a consistent data-security policy. It also makes application integration easier.

Compliance peace of mind: Strong data encryption in the public cloud will help to meet stringent data protection regulations such as those in the GDPR, by ensuring data remains secure throughout its lifecycle.

It’s important to remember that not all BYOE solutions are created equal. The above benefits are all possible with comforte’s Data Security Platform. In fact, we recently partnered with Google Cloud to offer them to our joint customers.

Share this:  LinkedIn XING Email

The Value of Data-Centric Protection in Google Cloud and BigQuery

comforte Announces Partnership With Google Cloud To Offer A Data-Centric Security Integration For Big Query

Learn More

Related posts