<- Back to the blog

Are my Encryption Keys in the Cloud Really Secure?

Sam Ross-Gower
October 21, 2020

A lot of people are concerned that their encryption keys stored in cloud services such as AWS KMS, Azure Keyvault, or GCP KMS, are not really secure. This can be a particular concern for people working in highly regulated industries. So how can you know if your keys are secure? In this video Dr Graham Steel explains the issues that our customers often ask us about.

For more on this subject check out our webinars on cloud KMS, and KMS alternatives.


[1] The Cloud Act

[2] AWS white paper on cloud KMS

[3] Google Cloud white paper on KMS

[4] What is an HSM and how does it work?

[5] How Ledger hacked an HSM  

[6] Excerpt of 'Security Engineering' by Ross Anderson

[7a] Recording of our webinar comparing the cloud KMS offered by AWS, GCP and Azure  

[7b] Recording of our webinar on third party alternatives to KMS

[8] Webinar about real life cryptography breaches