Customer Managed Keys is a new security offering in Qlik Cloud.
This allows users to bring their own encryption keys (BYOK) to protect the data stored in their Qlik Cloud tenant, giving you complete control of the data encryption at rest.
What’s the big deal?
Customer Managed Keys can:
Help you meet additional Security and Compliance requirements
Allow for HIPAA & Protected Health Information (PHI) Data Use Cases
Provide further safeguards for Financial Data
Increase your organization’s trust/adoption of Qlik Cloud as you take steps to migrate on-premise platforms.
How to start using feature:
You will need to have an AWS Account and AWS KMS Key available.
A tenant admin can configure from the Qlik Cloud Management Console:
Qlik Cloud Management Console -> Configuration > Settings > Tenant encryption. There you will be able to Change the Key Provider.
Customer managed keys can only be used with new tenants that do not contain any data, apps, or content when you set up tenant encryption.
Therefore, it is strongly recommended that you configure encryption settings immediately after you create the tenant.
If you already have a tenant deployed and wish to utilize CMK, hold tight, that will be available soon!
Please note: Once your tenant is configured with CMK, if you disable or delete your CMK, tenant data cannot be decrypted using these keys and access to the data will be permanently lost. Once configured with Customer Managed Keys, if the Key is disabled, tenant data cannot be decrypted using the key. If a key is deleted, access to the data will be permanently lost.