If putting unencrypted data up in a public cloud is like leaving your house unlocked, keeping encrypted data and the encryption keys in the same cloud could be akin to leaving a copy of your housekey under your doormat.
That, in a nutshell, is one of the mistakes that led to the Capital One breach last summer. A former Amazon Web Services employee found encryption keys where the data owners had hid them and made off with credit card application information of more than 100 million customers.
That, in a nutshell, is one of the mistakes that led to the Capital One breach last summer. A former Amazon Web Services employee found encryption keys where the data owners had hid them and made off with credit card application information of more than 100 million customers.
You can get all the ugly technical detail of the hack here.
But keeping the keys far from the data has its own problems.