© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.

ISV405
BYOK: The Key to Meeting Enterprise SaaS Security Demands
Peter M. O'Donnell (he/him), Principal Solutions Architect, Security, Amazon Web Services
Jenn Reed (she/her), Principal Solutions Architect, Amazon Web Services

Agenda
- History of enterprise key management
- Why BYOK
- Two ways of using keys for customer data
- Crypto Tools

History
- BYOK, HYOK, KYOK, EKM, CMK, etc.
- But the core idea is the same: "Here's my key, encrypt with it."
- "All of my data should be protected by my key(s)"
- Slack: the original pioneer
- But don't forget AWS services!
- Goal: Customer data protected by customer keys
- Every ISV should be pursuing BYOK

Motivation for Customers
- "I want control over my data."
- Big red button
- Observe what you claim: logging and observability
- Disable or revoke access to data
- Compliance
- "My data should be protected by my keys"
- Data sovereignty
- Meet their own customers' requirements
- Satisfy third-party stakeholders

Motivation for Vendors
- Earning customers' trust is hard
- Many customers already trust AWS KMS, especially if they use AWS
- Achieving compliance coverage and NIST validation is a lot to take on
- Single integration point with KMS APIs
- Feature rich
- Regular KMS is incredibly secure, durable, and available
- Transparent key rotation with regular KMS
- Multiple key store options with different features and tradeoffs

Key store options for KMS key
- Native
- Import key
- Key is genera