Encryption can be useful for safeguarding data, whether in the active management or storage phase. The point of encryption is that no party can access the data until it is decrypted, but this creates a problem for cloud service providers (CSPs): they cannot process encrypted user data either, so they ask for access to the decryption keys they need. Users must either forward the keys to the CSP upon request or allow the CSP to store them on-premises.
This standard model partially defeats the idea behind cloud security, since users must disclose their decryption keys. The data becomes vulnerable upon decryption, which presents security risks as many enterprises move their data into the cloud. Organizations need a new approach that keeps data encrypted at all times.