Bring your own key to off-premise environments

Enable BYOK with SvKMS

SvKMS gives customers the ability to deploy a flexible architecture with an option to bring your own key (BYOK).

BYOK, also referred to as Customer-Supplied Encryption Keys (CSEK), ensures encryption keys remain in the hands of the business, regardless of location. This gives business users an important encryption key management control for data held off-premise - if the content owner disables access to the keys, it becomes impossible for the information to be decrypted by any third party. BYOK allows organizations to take advantage of native encryption from cloud service providers (CSP), yet allows them to maintain control of their encryption keys.

Deploy and integrate anywhere

Deploy specific applications not tied to the CSP's architecture, and benefit from superior ROI from a multi-cloud strategy.

Robust key management

Adhere to regulatory best practices, with more comprehensive key lifecycle management than the cloud providers.

Simple and centralized

One key manager for all your cloud needs. Control your keys in a single platform-agnostic environment, outside the cloud.

Control your sensitive data across IaaS, SaaS and PaaS with BYOK

It is generally agreed among security professionals that encryption continues to be the best technology for securing data against breaches as well as limiting government access. But when organizations decide to move their data to a cloud provider, they are giving the cloud provider access to their keys.

This is often a show stopper for highly regulated industries that need to meet intense legal requirements. Also, many organizations simply can’t accept handing over their keys to a cloud provider.

BYOK allows organizations to fully embrace the cloud story and all the efficiencies it promises, by providing full control of keys from within the organization and facilitating solid data security practices.

Integrate SvKMS with all popular cloud-based platforms


Google Cloud allows customer-supplied encryption keys for Google Compute Engine and Google Cloud Storage. Your keys are not stored on Google servers and your protected data cannot be accessed unless you provide the keys.


Azure Storage provides scalable, durable, and highly available storage, and the storage foundation for Azure Virtual Machines. SvKMS integrates with Azure Storage via their client-side encryption.


Amazon S3 supports native server-side encryption and Customer Provided Key options (S3 SSE-C). Amazon EC2 provides secure, resizable compute capacity in the cloud. SvKMS provides protected keys for full disk encryption of EBS volumes, storing your keys in a different environment from your data.


OpenStack is an IaaS open source cloud operating system and allows deployment of applications on a virtual machine. SvKMS provides volume encryption at the hypervisor level.

StorMagic SvKMS Data Sheet

Click here for more info about requirements, compatibility and support.