Matt Landrock, CEO, Cryptomathic.

BYOK (Bring Your Own Key) has become a term among cloud service providers as part of their security services. The general idea of BYOK has been adopted by major cloud service providers such as AWS, Azure, and Google Cloud. On the one hand, it is the service providers’ way of saying: “Hey, we do security for you, and if you bring your own key, we cannot be forced to give it away.” While this is practical for storage security and relief of liability, it leaves a void for the user of the service: you generate a key and submit it. Once it is set up, you cannot recover it from the service provider, by design. Of course, some key management is in place at the cloud provider to ensure availability across their systems, but the user does not retain much control.

So, what can we do? Instead of “bringing your own key”, you should consider “managing your own keys”. This means the secure generation, storage, use, back-up, restore, updating, etc. of every such key, in contrast to simply exporting the one key that you happened to require for a particular project. This talk looks at what users can do to manage their keys in the cloud, taking into account the entire key life cycle.